
NHS Information Governance

Guidelines on use of encryption to protect person identifiable and sensitive information

1. Introduction

David Nicholson, NHS Chief Executive, has directed that there should be no transfers of unencrypted person identifiable data held in electronic format across the NHS. This is the default position to ensure that patient and staff personal data are protected. Any data stored on a PC or other removable device in a non-secure area, or on a portable device such as a laptop, PDA or mobile phone, should also be encrypted. This is also now a requirement across all public sector organisations set by the Cabinet Secretary.

It is recognised however that this may take some time to achieve in the NHS, where patient care is our highest priority. NHS bodies will need to make a local judgement on the balance of risk to patient care against risk to personal data security in determining whether use of unencrypted devices should continue as an interim measure. Where it is felt that continued reliance upon unencrypted data is necessary for the benefit of patients, the outcome of the risk assessment must be reported to the organisation's Board, so that the Board is appropriately accountable for the decision to accept data vulnerability or to curtail working practices in the interests of data security.

2. Data encryption applications

NHS Connecting for Health is already implementing a robust NHS information governance architecture that contains strong inbuilt encryption functionality for those core services it provides. Security services implemented within this architecture protect the flows of patient information between component parts of connected national and local applications, and automatically encrypt transmission of emailed information communicated through the NHSmail service between NHSmail endpoints. Tools are also provided within applications provided by NHS CFH for encrypting removable media, as explained at Annex A.

For those other systems under local NHS organisation control, there is a requirement that the owners of those systems should consider, select and where relevant implement similar security protections that comply with expected NHS Information Governance policy, standards and legal requirements[1]. Guidance on potential encryption tools is provided at Annex B.

[1] The NHS Code of Practice on Information Security can be found at http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/DH_074142


NHS organisations should adopt a structured approach to the identification, implementation and management of their local data encryption needs. This will normally comprise five stages:

- Perform risk assessment and identify outline data encryption needs
- Develop a local data encryption policy
- Establish local roles and responsibilities
- Define how data encryption will operate within the local infrastructure and with business partners, including business impact analysis
- Implement and monitor deployed solution effectiveness.

An encryption requirements control form is provided at Annex C to supplement this guidance and will be helpful in locally developing these stages.

3. NHS Information Governance data encryption standards

For those systems under local NHS control, the Electronic Government Interface Framework (e-GIF) Technical Standards Catalogue version 6.2 identifies current technical security standards, including those for data encryption that should be applied. This catalogue is available to download at http://www.govtalk.gov.uk/schemasstandards/egif_document.asp?docnum=957

In brief summary, the NHS IG data encryption algorithms currently applicable are:

- 3DES (168 bit)
- AES 256
- Blowfish

These algorithms should be used with a recommended minimum key length of 256 bits where available. This is the standard we are moving towards, and whilst tactical deployments of less robust encryption are acceptable for now, this should be kept under review and stronger encryption introduced when practicable.

Where data is to be transferred across the internet or by removable media it is recommended that AES 256 encryption is employed. This standard is available when using applications such as PGP or WinZip version 9. With these products the data can be put into a Self Decrypting Archive (SDA), as the software that created the archive does not need to be installed on the recipient's computer. The passphrase for the archive must be of an appropriate length and complexity. To ensure the safety of data in transit, the passphrase should be communicated to the recipient separately from the encrypted data, so that the intended recipient is the only one able to decrypt the data.
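As an added illustration of the transfer scenario just described (example code, not from this guidance nor from PGP, WinZip or any other product it names), the PowerShell script below seals a file with AES 256 under a key derived from a passphrase, and refuses to decrypt when the passphrase is wrong or the file has been altered in transit. It assumes Windows PowerShell 5.1 or later with the .NET System.Security.Cryptography classes; the file names, the passphrase, the "NHS1" marker bytes and the iteration count are constructed for the example.

```powershell
# Added example, not from the NHS guidance. Protect a file for transfer with AES-256-CBC
# plus an HMAC-SHA256 tag (encrypt-then-MAC). The key comes from the passphrase via PBKDF2,
# so guessing a weak passphrase is slowed down; the passphrase itself must still travel
# separately from the file (for example by telephone), as the guidance requires.
# Constructed file layout: marker(4) | salt(16) | IV(16) | ciphertext | HMAC tag(32)

$script:Marker     = [byte[]](0x4E, 0x48, 0x53, 0x31)   # "NHS1", constructed for this example
$script:Iterations = 200000                            # PBKDF2 work factor (assumption)

function Get-KeyMaterial {
    param([string]$Passphrase, [byte[]]$Salt)
    # Rfc2898DeriveBytes is PBKDF2 (HMAC-SHA1 in this .NET Framework overload).
    # 64 bytes are derived: 32 for the AES-256 key and 32 for the HMAC key.
    $kdf = [System.Security.Cryptography.Rfc2898DeriveBytes]::new($Passphrase, $Salt, $script:Iterations)
    try { return $kdf.GetBytes(64) } finally { $kdf.Dispose() }
}

function Protect-FileForTransfer {
    param([string]$InPath, [string]$OutPath, [string]$Passphrase)
    $plain = [IO.File]::ReadAllBytes($InPath)
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $salt = New-Object byte[] 16; $rng.GetBytes($salt)   # fresh salt: same passphrase, different key
    $iv   = New-Object byte[] 16; $rng.GetBytes($iv)     # fresh IV for CBC
    $km   = Get-KeyMaterial -Passphrase $Passphrase -Salt $salt

    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.KeySize = 256; $aes.Mode = 'CBC'; $aes.Padding = 'PKCS7'
    $aes.Key = [byte[]]($km[0..31]); $aes.IV = $iv
    $cipher = $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)
    $aes.Dispose()

    # Tag covers marker, salt, IV and ciphertext so that any tampering is caught before decryption.
    $body = [byte[]]($script:Marker + $salt + $iv + $cipher)
    $hmac = [System.Security.Cryptography.HMACSHA256]::new([byte[]]($km[32..63]))
    $tag  = $hmac.ComputeHash($body)
    $hmac.Dispose()
    [IO.File]::WriteAllBytes($OutPath, [byte[]]($body + $tag))
}

function Unprotect-FileFromTransfer {
    param([string]$InPath, [string]$OutPath, [string]$Passphrase)
    $blob = [IO.File]::ReadAllBytes($InPath)
    $n = $blob.Length
    if ($n -lt 4 + 16 + 16 + 32) { throw 'File is too short to be a protected archive.' }
    $salt   = [byte[]]($blob[4..19])
    $iv     = [byte[]]($blob[20..35])
    $cipher = [byte[]]($blob[36..($n - 33)])
    $tag    = [byte[]]($blob[($n - 32)..($n - 1)])
    $km     = Get-KeyMaterial -Passphrase $Passphrase -Salt $salt

    # Verify the tag in constant time. A wrong passphrase derives a wrong HMAC key, so both
    # "wrong passphrase" and "file altered" are rejected here, before AES is touched.
    $hmac = [System.Security.Cryptography.HMACSHA256]::new([byte[]]($km[32..63]))
    $expected = $hmac.ComputeHash([byte[]]($blob[0..($n - 33)]))
    $hmac.Dispose()
    $diff = 0
    for ($i = 0; $i -lt 32; $i++) { $diff = $diff -bor ($expected[$i] -bxor $tag[$i]) }
    if ($diff -ne 0) { throw 'Wrong passphrase, or the file has been altered: refusing to decrypt.' }

    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.KeySize = 256; $aes.Mode = 'CBC'; $aes.Padding = 'PKCS7'
    $aes.Key = [byte[]]($km[0..31]); $aes.IV = $iv
    $plain = $aes.CreateDecryptor().TransformFinalBlock($cipher, 0, $cipher.Length)
    $aes.Dispose()
    [IO.File]::WriteAllBytes($OutPath, $plain)
}

# Usage with a constructed sample file (the passphrase is a placeholder; choose a long one
# and send it to the recipient by a separate channel from the archive).
Set-Content -Path .\ward-list.csv -Value 'NHSNumber,Ward'
Protect-FileForTransfer   -InPath .\ward-list.csv     -OutPath .\ward-list.csv.enc   -Passphrase 'example passphrase, replace me'
Unprotect-FileFromTransfer -InPath .\ward-list.csv.enc -OutPath .\ward-list.restored.csv -Passphrase 'example passphrase, replace me'
```

Unlike a Self Decrypting Archive, the recipient needs this script (or an equivalent) to open the file, so it suits NHS-to-NHS transfers rather than delivery to an arbitrary third party; the point it demonstrates is the separation of passphrase and archive, and that the integrity check fails closed when either is wrong.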


A comprehensive technical good practice guideline overview of Approved Cryptographic Algorithms, including Secure Sockets Layer (SSL) and Transport Layer Security (TLS), has been produced by NHS Connecting for Health and is available for download at http://nww.connectingforhealth.nhs.uk/infrasec/gpg/acs.pdf

NHS Connecting for Health has completed the national procurement of an encryption solution for removable media and full disk encryption on behalf of the NHS. For all the latest information relating to the NHS encryption tool initiative please see the encryption tool website, at: http://www.connectingforhealth.nhs.uk/systemsandservices/infogov/security/encryptiontool

Any further queries can be directed to cfh.encryptiontool@nhs.net

Digital Information Policy
Department of Health
31 January 2008

Annex A

CfH provided encryption technologies

Throughout the NHS, technologies are available to organisations which may satisfy some requirements for the encryption of sensitive data. It should be noted, though, that encryption products do have some inherent risks and these should be fully understood before implementing any solution. Understanding these risks is probably best achieved by conducting an appropriate risk assessment. There is also the need to determine that the specified business requirements will be met via the encryption product.

Microsoft Operating Systems

Microsoft Windows operating systems incorporate technologies which enable administrators to allow sections of the file system to be used such that documents (files) stored in those areas are encrypted. The implementation of encryption within the Microsoft Operating System suite varies between versions of the OS; a brief overview is shown below and further information can be found in the forthcoming Advice and Guidance document previously mentioned.

Encrypting File System (EFS)

Microsoft offers a technology known as Encrypting File System (EFS), and the capabilities of this technology have improved in later versions of the Operating System. It should be noted that whilst the DESX algorithm is not recommended as meeting required encryption standards, it may be suitable in some cases where a short term solution is required.

Microsoft Version             Default Algorithm   Notes
Windows 2000                  DESX                Deployable only in standalone configuration
Windows XP RTM                DESX                Policy based domain integration
Windows XP SP1 and above      AES
Windows Vista / Server 2008   AES                 BitLocker features available

The use of encryption in prior versions of Microsoft Operating Systems is reliant upon third party software which may not meet current encryption standards and may not include continuing support.

It should be noted that EFS is enabled by default in all versions of Microsoft Windows from Windows 2000 onwards unless its usage has been disabled via Group Policy or at installation. This may in itself represent a problem, in that users within organisations could be using EFS presently unbeknownst to administrators and without proper control or management of the encryption keys.

Prior to organisations using EFS, there are a number of considerations which need to take place, including:

- What systems EFS should be used upon (often, this is mobile devices, but could be desktop computers assessed as vulnerable to theft)
- Which files/directories users should be able to use EFS with[2]
- Who the Data Recovery Agents (DRAs) will be (i.e. those users who can recover encrypted data where the certificate used for encryption has been lost, deleted, revoked or corrupted)
- Whether certificates for use with EFS will be issued via a centralised (to the host organisation) certificate issuing authority (preferred) or whether self signed certificates will be used
- How certificates will be managed to enable EFS to be used in such a way that either the keys or the encrypted data can be retrieved if they are lost or corrupted
- Providing appropriate advice and guidance to users on how to use EFS
- Understand that the initial encryption of large amounts of data when first enabling EFS on an existing operating system installation may take some time.
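The point above that users may already be using EFS without administrators' knowledge can be checked before any of these decisions are taken. The following PowerShell audit is an added example (not from the guidance or from Microsoft) that reports whether EFS is disabled by policy on a machine and lists the files already carrying the Encrypted attribute, grouped by owner, so that the organisation knows whose certificates currently protect data before a DRA and certificate policy is introduced. It assumes Windows PowerShell 5.1 or later run with local administrator rights; the root path and output file name are placeholders.

```powershell
# Added example, not from the NHS guidance: find EFS already in use on a machine.
# Run as a local administrator so that every profile under the root can be read.
$Root      = 'C:\Users'          # placeholder: the profile or data root to audit
$ReportCsv = '.\efs-audit.csv'   # placeholder: evidence file for the Annex C record

# 1. Policy state. Under this policy key, EfsConfiguration = 1 disables EFS on the machine;
#    absence of the value (or 0) means EFS is available to every user by default.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\EFS'
$efsConfig = (Get-ItemProperty -Path $policyKey -Name EfsConfiguration -ErrorAction SilentlyContinue).EfsConfiguration
if ($efsConfig -eq 1) {
    Write-Output 'EFS is disabled by policy on this machine.'
} else {
    Write-Output 'EFS is NOT disabled by policy: users can encrypt files with self-issued certificates.'
}

# 2. Every file whose attributes include Encrypted is protected by some user's EFS certificate.
#    The file owner is the best first indication of whose certificate that is; if that
#    certificate is lost and no DRA has been configured, the data is unrecoverable.
$encrypted = Get-ChildItem -Path $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band [IO.FileAttributes]::Encrypted) -ne 0 }

$report = foreach ($file in $encrypted) {
    [pscustomobject]@{
        Owner  = (Get-Acl -LiteralPath $file.FullName -ErrorAction SilentlyContinue).Owner
        Path   = $file.FullName
        SizeKB = [math]::Round($file.Length / 1KB, 1)
    }
}

if (-not $report) {
    Write-Output "No EFS-encrypted files found under $Root."
} else {
    # 3. Summary per owner: who needs to be brought under key management first.
    $report | Group-Object Owner | Sort-Object Count -Descending |
        Select-Object @{ n = 'Owner'; e = { $_.Name } },
                      Count,
                      @{ n = 'TotalKB'; e = { ($_.Group | Measure-Object SizeKB -Sum).Sum } } |
        Format-Table -AutoSize

    # 4. Keep the detailed list as evidence; it supports the "extent of usage" entry in Annex C.
    $report | Export-Csv -Path $ReportCsv -NoTypeInformation
    Write-Output "Detailed list written to $ReportCsv."
}
```

The built-in command cipher.exe /u /n produces a comparable list of encrypted files for the whole machine; the script above adds the owner grouping and the policy check, which are what an administrator needs in order to decide who to contact and whether to disable EFS until key management is in place.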

These considerations and others are vital to ensure that EFS use is managed and controlled in a way that meets the organisation's and any regulatory/legal requirements.

BitLocker Drive Encryption

The Enterprise (covered by the NHS Microsoft Enterprise Agreement) and Ultimate (the premier consumer edition) versions of Windows Vista contain a technology known as BitLocker. Unlike EFS, which only allows files and directories to be encrypted, BitLocker provides full volume encryption akin to the type of full disk encryption previously only provided by 3rd party products. The Enterprise edition of Windows Vista is available to all NHS organisations who buy a copy of Microsoft Windows Vista Business with any new hardware (or who buy a boxed version of Microsoft Windows Vista Business through a reseller in order to upgrade existing hardware). BitLocker is not available on Microsoft Windows XP or Windows Vista Business.

[2] The CUI document, Microsoft Infrastructure Security Guidance, provides a sample script which could be rolled out to appropriate systems to allow certain areas of the file system to use EFS, as well as additional guidance on the use of EFS. This document is available from http://nww.cui.nhs.uk/ (N3 link and registration required.)


As with EFS, it is necessary to ensure that appropriate considerations are taken into account before using BitLocker and that it will meet the organisation's business requirements. Some such considerations are:

- BitLocker requires a Trusted Platform Module (TPM) v1.2 chip available on the system it is to be enabled on[3]
- Determine which systems within the organisation will use BitLocker (generally, this would probably be laptops, though it could be used on any system running Vista Enterprise which holds sensitive data which needs to be protected at rest.)
- The hard disk of the computer running Windows Vista Enterprise must be appropriately partitioned
- A method of managing the recovery key used by BitLocker in the event of loss or damage of the startup key needs to be put in place. Where will such keys be securely stored, and how, for example.
- Determine whether BitLocker will be enabled on systems at first use or whether it is necessary to enable it on systems that have already been deployed.
- Understand that there may be a small performance impact on systems with BitLocker enabled (although this is unlikely to be noticeable on new hardware).
- Understand that initial encryption of the disk can take some time depending on system performance and size of volume[4]
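Three of the considerations above (TPM availability, disk partitioning and recovery key management) can be verified on a machine rather than assumed. The PowerShell check below is an added example, not from the guidance or from Microsoft; it assumes a Windows release with the BitLocker, TrustedPlatformModule and Storage PowerShell modules (Windows 8 / Server 2012 or later, so later than the Vista systems the guidance discusses), run as administrator.

```powershell
# Added example, not from the NHS guidance: BitLocker readiness and recovery-key check.

# 1. TPM: present, ready for use, and its specification version (BitLocker needs 1.2 or later).
$tpm  = Get-Tpm
$spec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm `
            -ErrorAction SilentlyContinue).SpecVersion
[pscustomobject]@{
    TpmPresent  = $tpm.TpmPresent
    TpmReady    = $tpm.TpmReady
    SpecVersion = $spec           # e.g. "1.2, ..." or "2.0, ..."; empty when no TPM is reported
} | Format-List

# 2. Partitioning: BitLocker needs an unencrypted system partition separate from the OS volume.
Get-Partition | Where-Object { $_.IsSystem -or $_.IsBoot } |
    Select-Object DiskNumber, PartitionNumber, DriveLetter, IsSystem, IsBoot,
                  @{ n = 'SizeGB'; e = { [math]::Round($_.Size / 1GB, 1) } } |
    Format-Table -AutoSize

# 3. Per volume: protection state and whether a numerical recovery password protector exists.
#    That protector is what must be stored securely (escrowed) before a startup key can be lost;
#    a volume with protection On but no recovery password is a recovery risk, not a safe state.
foreach ($vol in Get-BitLockerVolume) {
    $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    [pscustomobject]@{
        MountPoint           = $vol.MountPoint
        VolumeStatus         = $vol.VolumeStatus
        ProtectionStatus     = $vol.ProtectionStatus
        EncryptionPercentage = $vol.EncryptionPercentage
        ProtectorTypes       = ($vol.KeyProtector.KeyProtectorType -join ', ')
        HasRecoveryPassword  = ($recovery.Count -gt 0)
        RecoveryRisk         = ($vol.ProtectionStatus -eq 'On' -and $recovery.Count -eq 0)
    }
}

# Where Active Directory escrow has been enabled by policy, the recovery protector can be
# backed up to the computer object with:
#   Backup-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $recovery[0].KeyProtectorId
```

The output answers the considerations in the order the guidance lists them: whether the hardware qualifies, whether the disk layout allows BitLocker to be enabled, and whether every protected volume already has a recovery password that the organisation holds somewhere other than on the laptop itself.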

As with EFS, there are many important considerations to take into account prior to enabling BitLocker on applicable systems, not least that its use meets business as well as regulatory/legal requirements.

[3] It is actually possible to get BitLocker working on systems without a TPM chip via Group Policy. See http://technet2.microsoft.com/WindowsVista/en/library/c61f2a128ae64957b03197b4d762cf311033.mspx?mfr=true (Section 3). Note that using this method may not provide enough protection to the startup key for BitLocker unless the keys are properly protected via other means.

[4] Microsoft suggests that 1 gigabyte per minute is usual. See the BitLocker FAQ: http://technet2.microsoft.com/WindowsVista/en/library/58358421a7f54c97ab412bcc61a58a701033.mspx?mfr=true

Annex B

Interim Encryption Solutions for Data Security

Context

The use of encryption to secure sensitive data which is stored and transmitted throughout the NHS is a crucial requirement to ensure that the confidentiality of data is maintained. This guidance provides information relating to a number of products which may be used as interim measures to protect data prior to the procurement of solutions which may provide greater management capabilities and control of data encryption.

Guidance

The following guidance provides detailed information relating to products which can be obtained readily on the internet. These products include freeware and open source alternatives to commercially available products; by their nature they may not have technical support available and should be used with appropriate care.

Please note that listing of these or any product here does not constitute a recommendation or endorsement of any specific vendor or encryption product, or a recommendation to download, buy or install any specific product, by NHS Connecting for Health.

TrueCrypt (http://www.truecrypt.org/)

TrueCrypt provides encrypted container files which can be mounted as logical drives within the operating system. A variety of encryption algorithms are available within the product and creation of encrypted volumes is extremely easy. TrueCrypt can be used in two ways: to provide security of data at rest on a computer, and also to protect mobile data on removable media.

TrueCrypt does not provide any centralised management features, therefore the backup of keys and the encrypted volumes themselves must be managed by the user or a suitable support function. It is critical that backups are made of the TrueCrypt volumes themselves, the header files of the volumes, any key files used and the passphrase to access the volume, for recovery purposes. Guidance is provided below to enable users to make a suitable backup of the header of TrueCrypt volumes for recovery purposes, and also on how to configure TrueCrypt for removable media.

Backing up the TrueCrypt volume header

When creating a TrueCrypt volume for the first time, a passphrase should be chosen which can be stored with the volume header and which will not be used for regular mounting of the volume. Once the volume has been created, select the volume file and utilise the Backup Header tool within the Tools menu. This will create a backup file of the current volume header, which should be burnt to CD or stored securely along with the passphrase which was used to create the volume.


Once the header has been backed up, the volume passphrase may be changed to a value which meets the requirements of the local password policy. The volume may now be mounted by supplying the passphrase and selecting the drive letter to be associated with the volume. Once mounted, the volume appears simply as a drive letter and files may be dragged and dropped as required. When no longer required, the volume can be dismounted, and all the files which had been saved on the mounted drive will be rendered inaccessible without the passphrase (and key files, if used).

Using TrueCrypt in Traveller Mode

TrueCrypt offers a feature which will enable users to secure data on rewritable removable media such as USB memory sticks and memory cards. This mode copies only the required files to the USB stick and creates an encrypted volume which can be mounted when the USB stick is inserted into a computer. Note, however, that Administrator privileges are required to run a USB stick in Traveller mode for the first time on a machine, due to the need to install a device driver.

To create a Traveller Disk, select Traveller Disk Setup from the Tools menu within the TrueCrypt main window. Select the appropriate USB device for the root files and determine what actions to take when the device is inserted. For devices which will be used frequently, it is recommended that the Auto Mount option is selected and that the password is NOT cached in memory. Once the setup has created the relevant files, the user will have to create a TrueCrypt volume using the new volume utility at the location which was specified in the Traveller setup.

As with all TrueCrypt volumes, the guidance above on the backup of a suitable file header and passphrase is highly recommended, to ensure access to data if the working passphrase is lost or forgotten.

Gnu Privacy Guard (http://www.gnupg.org/index.en.html)

Gnu Privacy Guard (GPG) is the open source alternative to the commercially available PGP, which provides comprehensive integration and centralised management. GPG provides the core encryption capabilities required to encrypt and sign files or sign emails. The algorithms which are available within this software meet or exceed the standards which have been provided by the NHS CFH IST Approved Cryptographic Algorithms Good Practice Guideline[5].

GPG does not provide any central management functions and should be considered as a standalone product which will require additional local support to ensure that critical files are backed up securely.

Cryptainer LE (http://www.cypherix.co.uk/cryptainerle/index.htm)

Cryptainer LE is a free version of the commercial Cryptainer software which offers similar capabilities to TrueCrypt, although the free version has a limit of 25MB for secure containers. This product also offers encryption of individual files using the Blowfish algorithm, and when utilising this feature, strong passphrases should be used to secure the data against a brute force attack.

Securing a file for delivery by email or on removable media

Cryptainer LE provides the ability to encrypt individual files; this can be accessed by clicking on the Secure Email link on the main Cryptainer LE window. Once the required file has been selected, a passphrase should be entered to secure the file against brute force attacks. It is recommended that an Encrypted Self Extractor file is created, which will not require any software to be installed on the destination machine; this may cause problems with some email systems which do not allow executable files to be transmitted, and may be best suited to transfer on removable media.

There is no backdoor access to the files which are created by Cryptainer LE, and therefore the security and availability of the passphrase are crucial. If an encrypted file may be required for an extended period of time, the passphrase should be noted and stored securely in a physically secure area, such as a safe which has restricted access.

AxCrypt (http://www.axantum.com/AxCrypt/Features.html)

AxCrypt is a software package which allows users to encrypt files through the standard Windows Explorer right click menus and provides AES 128 encryption. Once installed (requires Administrator rights), the user can simply right click on a file to encrypt it by providing a passphrase. It should be noted that the recipient of the file will require either the full version of AxCrypt or the AxDecrypt utility to decrypt the file with the relevant passphrase.

[5] http://nww.connectingforhealth.nhs.uk/infrasec/gpg/acs.pdf

General Guidance on the use of encryption products

The use of encryption products can provide an organisation with a measurable increase in overall security, although there are a number of areas which must be taken into consideration with products similar to the ones mentioned within this guidance. Non-commercial (and some commercial) products may not provide the relevant management functionality which will be required by larger organisations to support large user bases. The types of products which are available to individuals may only meet interim needs whilst other products are procured.

Annex C

Requirements for the local use of data encryption products (page 1 of 3)

The following record will assist NHS organisations to identify local requirements for data encryption and how they will address them. The form may be used in conjunction with centrally procured NHS encryption tools, or, where this is not possible, for those encryption tools procured locally. A record should be provided for each use of encryption in the organisation.

Name of individual completing questionnaire:
Title:
Date:
Business area:

Signature:

Name of cryptographic product:

Name of business system:

Provide an overview of what the product is used for and the scale of usage:

Rationale for use

What are the vulnerabilities being addressed?

Provide details of any formal risk analysis carried out and of the business case made:

Individual responsible for authorising usage:

Is this a tactical or a strategic solution?

Provide details of any known plans for changes or extent of usage for this product:

Operational management arrangements

Who is responsible for operational management?

Provide details/references for any documented operating standards and procedures:


Provide details of the extent of usage, for example, number of licenses for software products or number of units for hardware products:

For physical devices provide details of their physical location:

Details of physical protection mechanisms to prevent tampering/misuse:

Technical aspects

Product name and version:
Supplier/source:
Algorithms used:
Key lengths used:

Key management arrangements

Who has responsibility for the following and their associated procedures:
- key generation
- key issue
- key revocation
- key renewal
- key storage

Provide details/references for any documented key management standards and procedures:

Are any key management products, trusted agents or services used? Please specify


Are certification authority products or services used? Please specify

How are keys stored?

What are the mechanisms for recovering lost keys?

How are keys for backups and archives handled, and how is business continuity planning addressed?

Detail the procedures used to verify the trustworthiness of staff involved in key management:

Provide details of any guidance to end users regarding key management:

Regulatory aspects

Provide details of any regulatory requirements:

Contractual measures

Provide details of any contractual measures taken to support the use of cryptography (for example, to support the use of digital signatures to resolve disputes):

Provide details of any other contractual arrangements with third parties:
