Many threats against end user devices, such as desktop and laptop computers, smart phones, personal digital assistants, and removable media, could cause information stored on the devices to be accessed by unauthorized parties. To prevent such disclosures of information, the information needs to be secured. This publication explains the basics of storage encryption, which is the process of using encryption and authentication to restrict access to and use of stored information. The appropriate storage encryption solution for a particular situation depends primarily upon the type of storage, the amount of information that needs to be protected, the environments where the storage will be located, and the threats that need to be mitigated. This publication describes three types of solutionsfull disk encryption, volume and virtual disk encryption, and file/folder encryptionand makes recommendations for implementing and using each type. This publication also includes several use case examples, which illustrate that there are multiple ways to meet most storage encryption needs.
Citation: Special Publication (NIST SP) - 800-111
NIST Pub Series: Special Publication (NIST SP)
Pub Type: NIST Pubs
computer security, mobile device security, removable media security, storage encryption, storage security