If a classified enclave contains SAMI and is accessed by individuals lacking an appropriate clearance for SAMI, then NSA-approved cryptography is used to encrypt all SAMI stored within the enclave.
MAC / CONF | Impact | Subject Area |
---|---|---|
CLASSIFIED | High | Enclave Computing Environment |
Threat |
---|
Without proper cryptography methods being used, it would affect the confidentiality, integrity, and availability of Sources and Methods Intelligence (SAMI). This implementation guide is aimed to help information owners implement proper cryptography to protect all SAMI information stored within the enclave. |
Guidance |
---|
1. The information owner shall determine if the classified enclave contains SAMI and is accessed by individuals lacking an appropriate clearance for SAMI. 2. If the classified enclave is affected, the system engineering team (e.g., project manager, system engineers, and IA personnel) shall perform the following: a. Obtain a list of NSA-approved cryptography algorithms and keys (e.g., AES, private and public keys) b. Research and obtain a list of NSA-approved encryption products (e.g., HAIPE devices) c. Perform an analysis of advantages and disadvantages of individual cryptography methods based on system’s operational requirements and available fund d. Select a cryptography method that is the most suitable to the system environment to encrypt SAMI information stored within the enclave e. Test the encryption capability in a lab environment f. Implement the NSA-approved cryptography into the system in the operational environment |