This page contains HQ-specific information regarding Data-at-Rest (DAR) encryption services at Headquarters.
As mandated by Federal law and Agency policy, all NASA-issued laptops, as well as desktops with sensitive data, must have Data-At-Rest (DAR) whole-disk encryption software.
Per the Agency directive dated November 13, 2012, no NASA-issued laptop may be removed from a NASA facility unless DAR encryption software is enabled.
Purpose of DAR Encryption
Due to the risk of critical data loss in the event of lost or stolen computers, NASA has implemented Data-at-Rest (DAR) encryption on all laptop computers as well as desktop computers with sensitive data (e.g., Personally Identifiable Information (PII), Sensitive But Unclassified (SBU), International Traffic in Arms Regulations (ITAR), Export Administration Regulations (EAR) data). DAR encryption helps mitigate the risk of critical data loss in the event of a lost or stolen computer.
About DAR Encryption
With DAR encryption, the data on the computer is encrypted when your computer is not in an active state (e.g., when the power is turned off or the device is in hibernation mode). Therefore, the data will not be accessible in the event of computer loss or theft. DAR software encrypts every sector of the hard drive inside the computer and only allows authorized NASA users to log in past that encryption.
Encrypting Individual Files and E-mail
DAR does not take the place of Entrust PKI for encrypting individual files or for sending encrypted e-mail messages. E-mail messages sent from your laptop or desktop will be unencrypted unless you use Entrust to protect the message. DAR is designed solely to protect against the loss or theft of your computer (i.e. a laptop stolen from a car or left in an airport lobby).