Guidance Document - DoD SAFE Outage Guidance
Purpose
To implement temporary security control guidance for the transfer of controlled data in the event that DoD SAFE secure data transfer service is not available.
Scope
These procedures apply to all Purdue University research personnel, whether they utilize specialized equipment configurations as part of the campus infrastructure or they operate in a controlled environment, that make use of DoD SAFE (formerly AMRDEC SAFE) for secure data transfer functions. If the data to be transferred is located in a controlled environment, you are required to follow the approved data egress procedure for that environment.
Background
Recently it was announced that AMRDEC SAFE was replaced by DoD SAFE as of August 15th. For those that depend on this service for secure data exchange this guidance document was produced to provide alternative methods of secure data transfer in the event that DoD SAFE is unavailable. Two methods have been discussed to deal with this inconvenience that should meet the NIST SP 800-171 standard:
Procedures
Procedure 1 - Manual Mailing of media
Per NIST 800-171 3.8 Media Protection, if the mail solution is utilized:
- Where CUI must be moved off-site, a continuous chain of custody must be documented and maintained.
- Mark media with necessary CUI markings and distribution limitations.
- Implement cryptographic mechanisms to protect the confidentiality of information stored on digital media during transport outside of controlled areas.
- Purdue can leverage our classified shipping process to ensure compliancy.
Procedure 2 – Encrypted container, encrypted in transit
Per NIST 800-171 3.13 System and Communications Protection, if electronic transfer solution is utilized:
- Controlled data is moved from environment into a VeraCrypt container on removable media.
- Encrypted container is sent via FileLocker to recipient, providing both file encryption and transport encryption.
- Please take note the size of the data to be transmitted. FileLocker defaults at 1024MB but the quota can be increased.
- Recipient is provided passphrase to encrypted container in a separate FileLocker message or encrypted email.
- Removable media is securely scrubbed or destroyed following verification of data integrity by recipient.
Resources for downloading and operating VeraCrypt can be provided if needed.
Please contact:
Daren Wunderlich
dwunder@purdue.edu
765-496-2929
Contact Information
Address:
Young Hall, 5th floor
Room 548
155 South Grant Street
West Lafayette, IN 47907
Email: rsec@purdue.edu
Phone: (765) 494-1642
- Guidance Documents
- Foreign National Process for DOE
- Cybersecurity Tips and Resources During the COVID-19 Response
- SPS and OTC NDA Process with Export Controls (login required)
- Connecting to Weber (login required)
- Weber Endpoint Informational (login required)
- Social Distancing Guidance for Controlled Projects (login required)
- Teleconferencing Guidance for Controlled Projects (login required)
- Prior Approvals for Routine International Shipments (login required)
- Managing Export Control Risks in Contract Negotiations (login required)
- Non-Disclosure Agreement Process for Strategic Partners with Master NDAs (login required)
- Covered Information System Baseline Standard (login required)
- Marking Research Documents/Presentations and Ensuring Appropriate Access
- VeraCrypt Installation and Use
- Cybersecurity Tips and Resources for Academic Researchers
- Controlled Thesis Submission Process
- EAR Temporary License Exceptions
- Export Classification
- Engineering Example List
- Restricted Biological Agents
- International Shipping Documentation
- DoD SAFE Outage Guidance
- Fundamental Research and Government Contracts: Implications for Export Controls
- Cuban Travel