SAMI information in transit through a network at the same classification level is encrypted using NSA-approved cryptography. This is to separate it for need-to-know reasons. This is in addition to ECCT (encryption for confidentiality – data in transit).
MAC / CONF | Impact | Subject Area |
---|---|---|
CLASSIFIED | Medium | Enclave Computing Environment |
Threat |
---|
Confidentiality of need-to-know information can be compromised easily when transmitted through a network in an unencrypted state. Certified cryptography methods provide important functionality to protect against intentional and accidental compromise and alteration of data. |
Guidance |
---|
1. NSA-approved cryptography shall be used to separate compartments or protect “need-to-know” information among cleared users on classified systems. For such uses the DAA may select the cryptographic mechanisms (including commercially available products) to be used after consulting with the Data Owner on requirements. The DAA shall also consult with NSA for assistance and advice regarding the security of the proposed implementation. They should pay particular attention to key management, since appropriate secure key management is an important factor in overall system security. |
2. NSA-approved cryptography consists of an approved algorithm; an implementation that has been approved for the protection of classified information in a particular environment; and a supporting key management infrastructure. |
3. The NSA Director shall review and approve all cryptographic implementations intended to protect national security systems and/or national security information and provide advice and assistance to U.S. Government Departments and Agencies in identifying protection requirements and selecting the encryption algorithms and product implementations most appropriate to their needs. |