SEC seeks encryption sources
- By Mary Mosquera
- Aug 18, 2006
The Securities and Exchange Commission seeks sources for encryption of all user data on all agency laptops and portable media devices from GSA Schedule holders.
SEC requires that the product encrypt the entire hard disk so that if a disk were pulled and analyzed, it would be unreadable, the securities agency said in a posting on FedBizOpps
Responses are due Aug. 25.
The Office of Management and Budget issued a memo
in June requiring agencies to encrypt data running on laptops and other portable media that contain personally identifiable information. The deadline was Aug. 7.
The application must ensure that encrypted volumes, including the operating system, are only accessible after the user enters a pre-operating system password to decrypt the volume. The product must encrypt all removable media upon connection to the system and to let the system administrator refuse to mount a device for which the user has canceled encryption.
Among SEC's management and recovery requirements, the encryption product must let enterprise policies be centrally configured and be fully integrated with Active Directory for managing policies and user authentication.
The encryption product also must support single-sign on technology, so users only log into the bios-encryption application.
The product must be able to encrypt all portable media storage devices, including USB thumb drives, floppy disks, writable DVDs and CDs, and personal digital assistants' technologies.
Mary Mosquera is a reporter for Federal Computer Week.