Data-at-Rest Solutions

Data-at-Rest Solutions

Now you can protect classified data up to TS on laptops and other devices using NSA-validated technologies.  When properly configured, NSA-validated Data-at-Rest laptops can simply be powered off and then handled as unclassified systems – allowing for easy transport and storage in between use at operational locations.

Ortman Consulting is an authorized SDVOSB reseller of KLC Group’s CipherDriveOne™ and CipherDrive2+ Full-Disk Encryption software.  This is one component of a two-tier DAR solution.  CipherDrive is the first Authorization Acquisition (AA) host encryption software solutions that meet NSA Data-at-Rest (DAR) and NIAP collaborative Protection Profiles (cPPs) for full disk encryption.

CipherDriveOne™ and CipherDrive2+ provide unparalleled protection to computers and servers using pre-boot disk locking. This software locks the entire hard drive – not just individual data files. NSA-grade encryption keys must be unlocked by an authorized account before the operating system, virtual machine, or any files stored on the protected disk can be read or executed. CipherDriveOne™ and CipherDrive2+ protect high-value, mobile, and deployed computing systems against unauthorized access, data theft, and privacy breaches.

When combined with an approved self-encrypting drive such as a Digistor hard disk, CipherDrive provide NSA-validated DAR protection for classified data up to TS.

Purchase DAR products from GSA

Key Features

  • Encryption – AES-256, FIPS PUB 197 specification
  • NIAP and Common Criteria FED Certification
  • Authentication Acquisition (AA) software
  • Compliant under collaborative Protection Profiles (cPP)
  • Pre-Boot Authentication (PBA) supports booting and chain loading
  • PBA Admin and Management capabilities
  • 2-Factor / Multi-factor Authentication support
  • Support for CAC/PIV/CIV and SIPRNET cards and tokens
  • Cryptographic Erase (CE)
  • User Management module
  • TPM 2.0 support
  • Key Management – No recovery feature
  • Boot package for initial setup and implementation of solution

Achieve Compliance with Global Data Protection Laws and Standards

  • Health Insurance Portability and
  • Accountability Act (HIPAA)
  • California Consumer Privacy Act (CCPA)
  • Sarbanes-Oxley Act (SOX)
  • General Data Protection Regulation (GDPR)
  • The Payment Card Industry Data Security Standard (PCI-DSS)


Pre-boot Locking and Strong Authentication

CipherDriveOne and CipherDrive2+ provide pre-boot authentication. Once a computing system powers on, CipherDriveOne prompts the user for authentication (password or smartcard token).

Military Grade Encryption

CipherDriveOne and CipherDrive2+ utilize military grade encryption algorithms with FIPS-140-2 and Common Criteria certification.

Multiple User Configuration

CipherDriveOne and CipherDrive2+ can be configured to allow multiple users to unlock drive or drives on a computing device.

Auditing and Logging

CipherDriveOne and CipherDrive2+ allow administrators to review audit logs and authentication reports. These reports can be used to meet privacy compliance laws.

Self-Destruct/Crypto Erase

CipherDriveOne and CipherDrive2+ support “self-destruct” of the encryption keys using a configurable “dead-man’s switch” feature. The Security Officer or Administrator can issue a Crypto Erase command to cryptographically erase all the data on the drive.

Secure Virtualized Systems


CipherDriveOne and CipherDrive2+ integrate with the latest hardware and software virtualization technologies.  Encryption protection at the volume/partition level makes management and configuration simple.  Chain boot services living outside CipherDrive’s Pre-Boot Authentication boundary makes it easier to integrate into OpenXT, SecureView, and other VM systems.

Special Features of CipherDrive2+

CipherDrive2+ allows managing and unlocking multiple physical drives on the same computing device from one single local interface.  This feature is especially useful for higher-end computers and servers in mobile and deployed environments where DAR must be implemented across multiple hard drives.

System Requirements

Disk types supported: SATA/NVMe OPAL-2 compliant Self Encrypting Drives (SED) drives – Ortman Consulting offers compatible Digistor drives bundled with CipherDriveOne software through our GSA Advantage purchase portal

Operating Systems supported:  Windows, Linux, OpenXT



Security Service CNSA Suite Standards Protection Level
Confidentiality (Encryption) AES-256 / FIPS PUB.197 Up to Top Secret
Authentication (Digital Signature) Elliptic Curve Digital Secure Algorithm (ECDSA) over the curve P-384 with SHA-384 / FIPS PUB 186.4 RSA 3072 (Minimum) / FIPS PUB 186.4 Up to Top Secret
Integrity (Hashing) SHA-384 / FIPS PUB 180-4 Up to Top Secret


All product names, trademarks and registered trademarks are property of their respective owners.