This page contains HQ-specific information regarding the Data-at-Rest (DAR) encryption deployment project at Headquarters. Additional information is available on the Agency DAR Web page.
As mandated by Federal law and Agency policy, all NASA-issued laptops, as well as desktops with sensitive data, must have Data-at-Rest (DAR) whole-disk encryption software. The NASA OCIO directed that all Centers complete this activity by December 21, 2012.
Per the Agency directive dated November 13, 2012, no NASA-issued laptops containing sensitive information may be removed from a NASA facility unless DAR encryption software is enabled OR any sensitive files are individually encrypted (using Entrust PKI).
Important Resources
DAR Encryption Process Overview (PDF)
DAR Deployment FAQs, specific to deployment at HQ (PDF)
PGP Password Guide (PDF)
Purpose of DAR Encryption
Due to the risk of critical data loss in the event of lost or stolen computers, NASA is in the process of implementing Data-at-Rest (DAR) encryption on all laptop computers as well as desktop computers with sensitive data (e.g., Personally Identifiable Information (PII), Sensitive But Unclassified (SBU), International Traffic in Arms Regulations (ITAR), Export Administration Regulations (EAR) data). DAR encryption helps mitigate the risk of critical data loss in the event of a lost or stolen computer.
About DAR Encryption
With DAR encryption, the data on the computer is encrypted when your computer is not in an active state (e.g., when the power is turned off or the device is in hibernation mode). Therefore, the data will not be accessible in the event of computer loss or theft. DAR software encrypts every sector of the hard drive inside the computer and only allows authorized NASA users to log in past that encryption.
Encrypting Individual Files and E-mail
DAR does not take the place of Entrust PKI for encrypting individual files or for sending encrypted e-mail messages. E-mail messages sent from your laptop or desktop will be unencrypted unless you use Entrust to protect the message. DAR is designed solely to protect against the loss or theft of your computer (e.g., a laptop stolen from a car or left in an airport lobby).