Skip to main content

Guidance Document - DoD SAFE Outage Guidance

Purpose

To implement temporary security control guidance for the transfer of controlled data in the event that DoD SAFE secure data transfer service is not available.

Scope

These procedures apply to all Purdue University research personnel, whether they utilize specialized equipment configurations as part of the campus infrastructure or they operate in a controlled environment, that make use of DoD SAFE (formerly AMRDEC SAFE) for secure data transfer functions. If the data to be transferred is located in a controlled environment, you are required to follow the approved data egress procedure for that environment.

Background

Recently it was announced that AMRDEC SAFE was replaced by DoD SAFE as of August 15th. For those that depend on this service for secure data exchange this guidance document was produced to provide alternative methods of secure data transfer in the event that DoD SAFE is unavailable. Two methods have been discussed to deal with this inconvenience that should meet the NIST SP 800-171 standard:

Procedures

Procedure 1 - Manual Mailing of media

Per NIST 800-171 3.8 Media Protection, if the mail solution is utilized:

  • Where CUI must be moved off-site, a continuous chain of custody must be documented and maintained.
  • Mark media with necessary CUI markings and distribution limitations.
  • Implement cryptographic mechanisms to protect the confidentiality of information stored on digital media during transport outside of controlled areas.
  • Purdue can leverage our classified shipping process to ensure compliancy.

Procedure 2 – Encrypted container, encrypted in transit

Per NIST 800-171 3.13 System and Communications Protection, if electronic transfer solution is utilized:

  • Controlled data is moved from environment into a VeraCrypt container on removable media.
  • Encrypted container is sent via FileLocker to recipient, providing both file encryption and transport encryption.
    • Please take note the size of the data to be transmitted. FileLocker defaults at 1024MB but the quota can be increased.
  • Recipient is provided passphrase to encrypted container in a separate FileLocker message or encrypted email.
  • Removable media is securely scrubbed or destroyed following verification of data integrity by recipient.

Resources for downloading and operating VeraCrypt can be provided if needed.

Please contact:

Daren Wunderlich
dwunder@purdue.edu
765-496-2929

Need Help?

Contact the Purdue Export Controls team by email at exportcontrols@purdue.edu, by phone at (765) 494-6840, or in person on the 10th floor of Young Hall (155 S Grant St.).

Purdue University, West Lafayette, IN 47907 (765) 494-4600

© 2024 Purdue University | An equal access/equal opportunity university | Copyright Complaints | Maintained by Office of Research

If you have trouble accessing this page because of a disability, please contact Office of Research at vprweb@purdue.edu.