NSA Approves SPYRUS Hyrda PC For Protection Of Classified Government Data

Approval permits organizations to safely transport classified data on a portable USB encryption drive

November 6, 2009

4 Min Read


SAN JOSE, Calif.--(BUSINESS WIRE)--SPYRUS, Inc. today announced that the patented SPYRUS Hydra Privacy Card' Series II (Hydra PC) Personal Encryption Device is the first and only commercially available Suite B On Board' encryption product that is approved to protect tactical data in accordance with CNSS Instruction 4009 at the SECRET level and below, when used with the approved operational security doctrine. Continuing its innovation and leadership in the field of high-assurance security products, the SPYRUS Hydra PC successfully completed a detailed review by the National Security Agency (NSA) against strict security requirements for protecting data at rest in a personal USB memory device. No other commercial-off-the-shelf (COTS) personal USB encryption device has ever passed such a groundbreaking review or met these strict security requirements. The Hydra PC is also validated to FIPS 140-2 Level 3.

Until today, government and business organizations handling classified data were limited to expensive Type-1 encryption devices. As the only approved commercially available USB encryption product, the pocket-sized Hydra PC is an extremely cost-effective alternative to Type 1 products for securing classified data. It is exempt from Type-1 device lifecycle procedures—and the personal liabilities for mishandling Type-1 products—and it requires no Controlled Cryptographic Item (CCI) approvals or auditing. This gives organizations a flexible, easy-to-use mechanism to protect and transport tactical data at the SECRET level.

The Hydra PC is not limited to protecting classified data. It can also be used by government and commercial organizations to protect valuable data and personally identifiable information, with the strong security used to protect classified data.

In order to meet NSA requirements for classified use, the Hydra PC implements advanced COTS security features. Hydra PC encrypts data on an individual file/folder basis, which provides much stronger security than standard sector-based encryption. It uses the strongest commercially available cryptographic algorithms (ECC P-384, AES-256 and SHA-384) to hash, compress, encrypt, digitally sign, and seal individual files and folders.

All encryption is performed in hardware within a tamper-resistant security boundary. Private keys cannot be imported, exported, or corrupted. The advanced hardware-based security protects against sophisticated hacker attacks. For added security against "brute-force" attacks, the Hydra PC permanently deletes the encryption keys after 10 incorrect PIN entries, rendering the encrypted data undecipherable.

Use of the Hydra PC can be limited to administrator-authorized computers within a defined enclave, preventing removal of sensitive data or unauthorized access to the Hydra PC or its data. Even with the correct PIN, the encrypted data cannot be decrypted outside of the secure enclave.

"We are extremely proud to have worked very closely with NSA to qualify the Hydra PC as a product secure enough to safeguard tactical data at the SECRET level. The Hydra PC goes beyond conventional data encryption by uniquely providing data containment through its advanced security techniques. AES encryption alone, without equally strong key management and a secure implementation, is just not good enough to protect sensitive data," said Tom Dickens, SPYRUS Chief Operating Officer. "For the first time in history, NSA has approved a personal USB memory device that every DoD or Federal employee and contractor can purchase to protect tactical data at the SECRET level and below, without the burden of Type-1 security paperwork and controls."

About SPYRUS, Inc.

SPYRUS, Inc. provides high-assurance security technology for the U.S. Government, industries required to comply with security regulations, and everyday users who want the best protection for sensitive information. All Secured by SPYRUS security technology is designed, developed, and manufactured entirely in the USA. SPYRUS hardware and software support the strongest commercially available cryptographic algorithms, including elliptic curve cryptography (ECC) and AES-256, which exceed the U.S. Government Suite B standard for SECRET data. SPYRUS holds patents in the U.S. and abroad that enable peripheral device solutions for data-at-rest storage, secure authentication, secure communication, and full disk encryption, as well as patents relating to data protection and rights management for digital content. SPYRUS, Inc. is headquartered in San Jose, California. See www.spyrus.com for more information.

SPYRUS, the SPYRUS logo, Hydra Privacy Card, Hydra PC, Suite B On Board and Secured by SPYRUS are either registered trademarks or trademarks of SPYRUS, Inc., in the U.S. and/or other jurisdictions. All other company, organization and product names are trademarks of their respective organizations.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights