About IA at NSA Partners Rowlett Awards Award Recipients Background Nomination Procedures Links IA Client and Partner Support IA News IA Events IA Mitigation Guidance Media Destruction Guidance Security Configuration Guides Applications Archived Guides Cisco Router Guides Database Servers Fact Sheets Industrial Control Systems (ICS) IPv6 Operating Systems Supporting Documents Switches VoIP and IP Telephony Vulnerability Technical Reports Wireless System Level IA Guidance TEMPEST Overview TEMPEST Products: Level I Certified Confirmed Deficiencies Suspended Terminated No Longer Produced TEMPEST Products: Level II Certified Confirmed Deficiencies Suspended Terminated No Longer Produced TEMPEST Company POCs Certified Suspended Terminated Trusted Computing IA Academic Outreach National Centers of Academic Excellence in IA Education Colloquium Institutions SEAL Program IA Courseware Evaluation Program Institutions Student Opportunities IA Business and Research IA Business Affairs Office Certified Product Sales and Support Commercial COMSEC Evaluation Program Commercial Satellite Protection Program Independent Research and Development Program User Partnership Program Partnerships with Industry NIAP and COTS Product Evaluations IA Programs Commercial Solutions for Classified Program Global Information Grid High Assurance Platform HAP Technology Overview HAP Technology Partner Program HAP Resource Library Inline Media Encryptor Suite B Cryptography NSA Mobility Program IA Careers Contact Information
Inline Media Encryptor
The Inline Media Encryptor (IME) is a government-developed media encryption device. It is positioned "in line" between the computer processor and hard drive to ensure that anything stored to the hard drive gets encrypted and anything retrieved from the hard drive gets decrypted. The IME protects data classified Top Secret and below. Data stored on the hard drive is considered unclassified when encrypted. The IME was certified 26 November 2006.
How the IME Works
The IME provides Type 1 Encryption on a computer's Integrated Device Electronic (IDE) hard drive. It encrypts all physical sectors, including the Operating System (OS). With the IME physically positioned between the computer system and its hard drive, all data must pass through the IME and is stored encrypted on an IDE hard drive. Only those files "called" from the hard drive get decrypted. The hard drive always remains encrypted.
The IME meets emergency zeroization requirements for the rapid zeroization of data - without destroying the computer or rendering the data completely unrecoverable. Once the emergency zeroization mechanism is initiated, an adversary will have no way to obtain the information stored on the hard drive without the Crypto-Ignition Key (CIK). However, methods are in place to restore data if zeroized.
There are two types of IMEs, the KG200 and KG201.
IME Features and Benefits
For Mobile Users
IME Key Management
IME Purchasing Options
Customers can purchase the IME through NSA's IDIQ contract. Contract number is H98230-08-D-0096. Customers may also purchase devices directly from ViaSat, Inc.
To learn more about the IME and purchasing, contact:
Date Posted: Jan 15, 2009 | Last Modified: Jun 8, 2012 | Last Reviewed: Jun 8, 2012