Welcome to the National Security Agency - NSA/CSS

The Inline Media Encryptor (IME) is a government-developed media encryption device. It is positioned "in line" between the computer processor and hard drive to ensure that anything stored to the hard drive gets encrypted and anything retrieved from the hard drive gets decrypted. The IME protects data classified Top Secret and below. Data stored on the hard drive is considered unclassified when encrypted. The IME was certified 26 November 2006.

How the IME Works

The IME provides Type 1 Encryption on a computer's Integrated Device Electronic (IDE) hard drive. It encrypts all physical sectors, including the Operating System (OS). With the IME physically positioned between the computer system and its hard drive, all data must pass through the IME and is stored encrypted on an IDE hard drive. Only those files "called" from the hard drive get decrypted. The hard drive always remains encrypted.

The IME meets emergency zeroization requirements for the rapid zeroization of data - without destroying the computer or rendering the data completely unrecoverable. Once the emergency zeroization mechanism is initiated, an adversary will have no way to obtain the information stored on the hard drive without the Crypto-Ignition Key (CIK). However, methods are in place to restore data if zeroized.

There are two types of IMEs, the KG200 and KG201.

• The KG200 fits into the standard 5.25" drive bay
• The KG201 is slightly modified for use with a laptop and requires a USB boot.

IME Features and Benefits

• Certifiable GOTS Type 1 Encryptor
• Meets Crypto Modernization Initiative (CMI) standards
• Protects data-at-rest classified up to TS/SCI
• Provides Emergency Data Destruction without destroying equipment or losing data
• Has mechanisms in place for data recovery and retrieval
• Provides Authentication
• Tamper protected
• TEMPEST tested
• Hardware and software independent
• Works with any OS
• Can be used in conjunction with any computer that uses an IDE hard drive
• Requires no software drivers
• IME use is transparent to the user
• Use of the IME does not slow down the laptop or workstation
• 800 Mbit/sec throughput speed
• Data is secure (stored encrypted) when at rest (unclassified)
• Classified data can be transported via unclassified methods
• Requires a Personal Identification Number (PIN)
• Up to 10 user accounts can be assigned to each IME

For Mobile Users

• Protects data in the event the laptop is lost or stolen
• Encrypted hard drive does not have to be couriered
• Time and cost savings through use of commercial carrier vs. Defense Courier System

IME Key Management

• Self-Generating Storage Key
• No key distribution required
• Instantaneous key zeroization
• Recovery key stored off site for reconstitution of data
• Crypto-Ignition Key (CIK) is exclusive to the individual IME
• When separated, the IME and CIK are unclassified
• Key management conforms to NSA's Key Management Infrastructure

IME Purchasing Options

Customers can purchase the IME through NSA's IDIQ contract. Contract number is H98230-08-D-0096. Customers may also purchase devices directly from ViaSat, Inc.

To learn more about the IME and purchasing, contact: