EA-STD-039 Encryption – Data at Rest

Architectural Classification

Technology \ Security \ Data

Standard Specification

Data is created, consumed and transmitted by devices across the enterprise countless times each day. It is very important to recognise that when data is sensitive or restricted in nature, it should be protected in terms of both its confidentiality and its integrity. To complement the Data Transfer Standard (EA-STD-034), when restricted data is at rest it must be secured using the approved encryption standards presented below.
 

Baseline (Today)

  • Unencrypted data
  • Algorithms
      • Advanced Encryption Standard (AES-256)
      • Federal Information Processing Standard (FIPS-140-2)
      • Triple Data Encryption Standard (3DES)
  • Products
      • Microsoft BitLocker
      • Apple FileVault 2
      • TrueCrypt

Emerging (To track)

  • Algorithms
      • Future versions of Advanced Encryption Standard (AES)
      • Future versions of Federal Information Processing Standard (FIPS)
      • Future version of Triple Data Encryption Standard (3DES)
  • Products
      • BoxCryptor
      • Future versions of Microsoft Windows encryption
      • Future versions of Apple OSX encryption
      • Open source encryption software

Tactical (0-3 years)

  • Unencrypted data (public data only)
  • Algorithms
      • Advanced Encryption Standard (AES-256)
      • Federal Information Processing Standard (FIPS-140-2)
      • Triple Data Encryption Standard (3DES)
  • Products
      • Microsoft BitLocker
      • Apple FileVault 2

Strategic (3-6 years)

  • Unencrypted data (public data only)
  • Algorithms
      • Advanced Encryption Standard (AES-256)
      • Federal Information Processing Standard (FIPS-140-2)
      • Triple Data Encryption Standard (3DES)
  • Products
      • Microsoft BitLocker
      • Apple FileVault 2

Retirement (to be removed)

  • Algorithms
  • Products
      • TrueCrypt

Containment (No new development)

  • Algorithms
  • Products
      • TrueCrypt

 

Author: Paul Ferrier
Date: 08/05/2015
Version: 0.9
Document Security Level: PUBLIC (DRAFT)
Document Approvals:

  • Technical Architecture Group
  • Enterprise Architecture Practice
  • Enterprise Architecture Board
  • IT Director

Review Date: May 2016
