Now you can protect classified data up to TS on laptops and other devices using NSA-validated technologies. When properly configured, NSA-validated Data-at-Rest laptops can simply be powered off and then handled as unclassified systems – allowing for easy transport and storage in between use at operational locations.
Ortman Consulting is an authorized SDVOSB reseller of KLC Group’s CipherDriveOne™ and CipherDrive2+ Full-Disk Encryption software. This is one component of a two-tier DAR solution. CipherDrive is the first Authorization Acquisition (AA) host encryption software solutions that meet NSA Data-at-Rest (DAR) and NIAP collaborative Protection Profiles (cPPs) for full disk encryption.
CipherDriveOne™ and CipherDrive2+ provide unparalleled protection to computers and servers using pre-boot disk locking. This software locks the entire hard drive – not just individual data files. NSA-grade encryption keys must be unlocked by an authorized account before the operating system, virtual machine, or any files stored on the protected disk can be read or executed. CipherDriveOne™ and CipherDrive2+ protect high-value, mobile, and deployed computing systems against unauthorized access, data theft, and privacy breaches.
When combined with an approved self-encrypting drive such as a Digistor hard disk, CipherDrive provide NSA-validated DAR protection for classified data up to TS.
Purchase DAR products from GSA
- Encryption – AES-256, FIPS PUB 197 specification
- NIAP and Common Criteria FED Certification
- Authentication Acquisition (AA) software
- Compliant under collaborative Protection Profiles (cPP)
- Pre-Boot Authentication (PBA) supports booting and chain loading
- PBA Admin and Management capabilities
- 2-Factor / Multi-factor Authentication support
- Support for CAC/PIV/CIV and SIPRNET cards and tokens
- Cryptographic Erase (CE)
- User Management module
- TPM 2.0 support
- Key Management – No recovery feature
- Boot package for initial setup and implementation of solution
Achieve Compliance with Global Data Protection Laws and Standards
- Health Insurance Portability and
- Accountability Act (HIPAA)
- California Consumer Privacy Act (CCPA)
- Sarbanes-Oxley Act (SOX)
- General Data Protection Regulation (GDPR)
- The Payment Card Industry Data Security Standard (PCI-DSS)
Pre-boot Locking and Strong Authentication
Military Grade Encryption
CipherDriveOne and CipherDrive2+ utilize military grade encryption algorithms with FIPS-140-2 and Common Criteria certification.
Multiple User Configuration
Auditing and Logging
CipherDriveOne and CipherDrive2+ allow administrators to review audit logs and authentication reports. These reports can be used to meet privacy compliance laws.
CipherDriveOne and CipherDrive2+ support “self-destruct” of the encryption keys using a configurable “dead-man’s switch” feature. The Security Officer or Administrator can issue a Crypto Erase command to cryptographically erase all the data on the drive.
Secure Virtualized Systems
CipherDriveOne and CipherDrive2+ integrate with the latest hardware and software virtualization technologies. Encryption protection at the volume/partition level makes management and configuration simple. Chain boot services living outside CipherDrive’s Pre-Boot Authentication boundary makes it easier to integrate into OpenXT, SecureView, and other VM systems.
Special Features of CipherDrive2+
CipherDrive2+ allows managing and unlocking multiple physical drives on the same computing device from one single local interface. This feature is especially useful for higher-end computers and servers in mobile and deployed environments where DAR must be implemented across multiple hard drives.
Disk types supported: SATA/NVMe OPAL-2 compliant Self Encrypting Drives (SED) drives – Ortman Consulting offers compatible Digistor drives bundled with CipherDriveOne software through our GSA Advantage purchase portal
Operating Systems supported: Windows, Linux, OpenXT
|Security Service||CNSA Suite Standards||Protection Level|
|Confidentiality (Encryption)||AES-256 / FIPS PUB.197||Up to Top Secret|
|Authentication (Digital Signature)||Elliptic Curve Digital Secure Algorithm (ECDSA) over the curve P-384 with SHA-384 / FIPS PUB 186.4 RSA 3072 (Minimum) / FIPS PUB 186.4||Up to Top Secret|
|Integrity (Hashing)||SHA-384 / FIPS PUB 180-4||Up to Top Secret|
All product names, trademarks and registered trademarks are property of their respective owners.