DAR Protection for Devices on Rest

Any device that collects, stores, or processes classified information must comply with the requirements defined in the applicable CSfC Capability Package, including the dual-layer Data at Rest encryption model. This applies to End User Devices (EUDs), mobile platforms, and servers.

Devices

Personal Computing

PCs and workstations remain primary devices for collecting, processing, and storing sensitive mission data. These systems use secure storage devices in multiple form factors, including:

  • M.2 2280, which is the most widely used legacy form factor.
  • M.2 2230, which is an emerging form factor used in compact, low-profile systems.

Servers

Mission data requirements are driving the need for increasingly powerful computing at the edge. Servers capable of supporting multiple multi-terabyte drives are commonly deployed on the edge. These servers are increasingly compact, often weighing under 25 pounds and measuring about the size of a shoebox. Many platforms use removable storage trays, which increases the risk of unauthorized removal.

Servers utilize two forms of secure storage devices:

  • SATA Drive: uses the Serial Advanced Technology Attachment (SATA) interface to connect a mass storage device to a computer's motherboard. SATA drives are widely used for commercial applications.
  • U.2/ E3.S: U.2 and E3.S are computer interface standards and form factors used for high-performance Solid State Drives (SSDs). U.2 performance and flexibility make it the preferred storage for mission-critical applications.

An important additional consideration for server environments is support for multi-drive configurations. Systems that use Redundant Array of Independent Disks (RAID) require storage solutions that reliably support RAID operations.

Vehicles

Vehicles and unmanned vehicles collect, process, and store sensitive data including machine learning, IP, ISR (intelligence, surveillance, reconnaissance), and mission plans. Due to operating in contested environments, devices are highly vulnerable to loss and capture.

These endpoints will utilize a variety of secure storage devices including M.2 2230 and SATA and U.2/ E3.S enterprise drives that are identical to those used by PCs and Servers.

Additional considerations for manned and unmanned vehicles include:

Servers utilize two forms of secure storage devices:

  • Mission requirements may require SEDs to operate in extreme temperatures. If required, SEDs will need to meet Industrial (-40 to 85 C) or Automotive Standards (-40 to 105 C)
  • While not a specific requirement for CSfC DAR, data sanitization is critical for at-risk vehicles. Proper data sanitization ensures sensitive data is irrevocably destroyed. Programs should source solutions that provide remote, automated, rapid, and verified data destruction capabilities.

Industrial Control Systems

Industrial Control Systems (ICS) collect, process, and store sensitive apps, logs, and configuration files. Their central role in facility operations makes them frequent targets of espionage and sabotage.

These endpoints will utilize a variety of secure storage devices including M.2 2230 and SATA and U.2/ E3.S enterprise drives that are identical to those used by PCs and Servers.

SED Form Factors & Interfaces

Self-Encrypting Drives

  • M.2 2230
  • M.2 2280
  • U.2
  • E3.S
  • SATA (2.5")