Skip to main content

Guidance Document - AMRDEC SAFE Outage Guidance

Purpose

To implement temporary security control guidance for the transfer of controlled data while AMRDEC SAFE secure data transfer service is not available.

Scope

These procedures apply to all Purdue University research personnel, whether they utilize specialized equipment configurations as part of the campus infrastructure or they operate as a part of the REED environment, that make use of AMRDEC SAFE for secure data transfer functions. If the data to be transferred is located in the REED environment, the normal two-party air lock egress of data should be used to download the data and make ready for transport using one of the following procedures.

Background

Recently it was announced that AMRDEC SAFE is current down, possibly long-term: https://safe.amrdec.army.mil/sitedown/. For those that depend on this service for secure data exchange this is an unwelcome issue that requires temporary security procedures to be put into place until which time AMRDEC SAFE is brought back online. Two methods have been discussed to deal with this inconvenience that should meet the NIST SP 800-171 standard:

Procedures

Procedure 1 - Manual Mailing of media

Per NIST 800-171 3.8 Media Protection, if the mail solution is utilized:

  • Where CUI must be moved off-site, a continuous chain of custody must be documented and maintained.
  • Mark media with necessary CUI markings and distribution limitations.
  • Implement cryptographic mechanisms to protect the confidentiality of information stored on digital media during transport outside of controlled areas.
  • Purdue can leverage our classified shipping process to ensure compliancy.

Procedure 2 – Encrypted container, encrypted in transit

Per NIST 800-171 3.13 System and Communications Protection, if electronic transfer solution is utilized:

  • Controlled data is moved from environment into a VeraCrypt container on removable media.
  • Encrypted container is sent via FileLocker to recipient, providing both file encryption and transport encryption.
    • Please take note the size of the data to be transmitted. FileLocker defaults at 1024MB but the quota can be increased.
  • Recipient is provided passphrase to encrypted container in a separate FileLocker message or encrypted email.
  • Removable media is securely scrubbed or destroyed following verification of data integrity by recipient.

Resources for downloading and operating VeraCrypt can be provided if needed.

Please contact:

Daren Wunderlich
dwunder@purdue.edu
765-496-2929

Need Help?

Contact the Purdue export control/information assurance team by email at exportcontrols@purdue.edu, by phone at (765) 494-6840, or in person on the 3rd floor of Hovde Hall.

Purdue University, West Lafayette, IN 47907 (765) 494-4600

© 2019 Purdue University | An equal access/equal opportunity university | Copyright Complaints | Maintained by Office of the Executive Vice President for Research and Partnerships

If you have trouble accessing this page because of a disability, please contact Office of the Executive Vice President for Research and Partnerships at vprweb@purdue.edu.