A Portable hard drive with potentially 48,000 veterans information is missing from a VA medical facility in Birmingham Alabama.  In an interesting development, Rep Spencer Bachus, R-Ala. said that over half of the information was not encrypted.  This implies that just under half were... I wonder what solution they are using.

The Bush administration gave agencies 45 days from June 23rd, 2006 to comply with 2 factor authentication and drive encryption standards set forth by NIST and the NSA.

Official Whitehouse memo on hard drive encryption:
http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf

"1. Encrypt all data on mobile computers/devices which carry agency data unless the data
is determined to be non-sensitive, in writing, by your Deputy Secretary or an
individual he/she may designate in writing; "

The topic of laptop/hardrive encryption is a very hot one.  Almost all of my clients are asking for solutions, and thoughts on the matter.  Some of them have rolled out Utimaco, with mostly positive results.  Others have gone with PGP Universal, choosing one solution for both disk and email encryption.


What are your organizations using?  Perhaps this will be a new poll.

Mike Poor
Intelguardians
SANS Internet Storm Center Handler on Duty