
Software Full Drive Encryption
Cigent Software Full Drive Encryption (SW FDE) secures mission-critical data providing NSA CSfC for DAR inner-layer protection.
NSA Validated DAR Protection
NSA Validated DAR ProtectionCigent SW FDE employs quantum-resistant AES 256-bit encryption validated by NIAP and NSA to protect data at rest. Cigent SW FDE can complement HW FDE to meet CSfC for DAR requirements or utilize as stand-alone encryption delivering foundational protection.
Advanced Boot Protection
Cigent employs pre-OS boot which requires users to authenticate before the operating system boots. The approach reduces the risk of the OS being compromised to gain access to keys.

Multi Factor Authentication
Ensures that only authorized users can access encrypted data by requiring the use of both username/password and a Smartcard (CAC).

Administration at Scale
Command line interface provides management of SW FDE with ability to integrate into existing enterprise management.

Extensive Coverage
Supports PCs, mobile workstations, and servers running Windows or Linux. SW FDE can also be employed on non-traditional compute devices including vehicles, UxV, and ICS.
Protection
CSfC for DAR Protection
NSA CSfC for DAR requires two layers of protection:
Outer Layer
The outer layer includes hardware full drive encryption (HW FDE) with pre-boot authentication.
Inner Layer
The inner layer includes software full drive encryption with multi-factor authentication.
SW FDE
Cigent SW FDE paired with Cigent Secure Storage SSDs – that include HW FDE and PBA - provides a single CSfC for DAR solution. Cigent employs a separate and distinct crypto libraries for HW and SW encryption meeting NSA “manufacturer diversity requirement.”
Cigent SW FDE can also be utilized with other suppliers’ CSfC compliant drives to provide the inner layer of CSfC DAR protection requirements.
How Cigent FDE Protects your Data
Cigent Software Full Disk Encryption safeguards sensitive data from power-off through system boot. Cigent SW FDE operates independently of the hardware and protects data at rest with strong cryptographic controls and multi-factor authentication.
Power-Off Protection
When the device is powered off, all data on the drive remains encrypted and unreadable
Boot-Time Enforcement
Upon power-on, the SW FDE requires authentication before the operating system loads, enforcing access control before any data is decrypted.
Two-Factor Access Control
Access to encrypted data requires authentication using both a username/password and a smartcard (CAC).
Transparent Data Access
Once authenticated, the encryption engine fully decrypts the disk, allowing users to seamlessly access their data without friction.

The Cigent Advantage
Cigent solutions were designed and developed with and for US Intelligence and Defense communities. All employees, including Cigent software development, are based in the US. The team includes multiple personnel with TS/SCI clearance with decades of data protection and operational experience to support your requirements.
Cigent solutions have been tested and validated by leading Federal agencies including MITRE, NIST, NSA, NIAP, the Air Force, Cyber Resilience of Weapon Systems (CROWS), and NSSIF (UK) and are deployed across US Intelligence agencies, US Defense services, and the defense industrial base.

ebook
Protect Your Data at Rest
Cigent is prepared to support your mission navigating the complex compliance requirements to protect data at the edge. Its solutions were developed for and with US Federal agencies with deep expertise in data protection. Read our extensive eBook to learn more.

provide value to the visitor

Edge Computing Requires Edge Security: Best Practices for Protecting Sensitive Data at the Edge
Discover best practices for protecting sensitive data at the edge with Cigent's insights ..

Prevent Data Security Issues with Disk Cloning & Data Destruction
Explore how disk cloning and data destruction can prevent security issues. Learn how to ..

FIPS 140-2 & FISMA — Understanding Cybersecurity Compliance for Cryptography Modules
Learn about FIPS 140-2 and FISMA compliance for cryptography modules, essential for ..
Frequently Asked Questions
Check out the answers to some of most frequently asked questions about Cigent, what we do, and how we do it. Don’t see your question on the list? Click the BOOK A DEMO button in the top right corner of your screen to learn more about us during a custom demo.
Cigent protects data on devices operating at the edge from unauthorized access. Cigent solutions secures data at rest with layered protection including hardware encryption, pre-boot authentication, and multifactor authentication. Cigent also ensures data integrity when the device is in use preventing wiping and cloning and other data attacks.
To prevent sophisticated adversaries from unauthorized access requires layered protection. The foundation of Cigent solution is 256-AES full drive hardware encryption with pre-boot and multifactor authentication. These capabilities have been validated by agencies including NSA and NIAP. Additionally, Cigent provides capabilities that ensure the integrity of data through its lifecycle including hidden partitions, storage-embedded AI, and verified data erasure.
Data at rest encryption traditionally refers to the encryption of data when the device is asleep or powered-off. Data at rest encryption seeks to prevent adversaries who gain physical access to the device would seek to extract sensitive data. Cigent uses AES 256 full drive hardware encryption with pre-boot and multifactor authentication. In addition, Cigent uses zero-trust access to control to also protect data when a device is in use. This is with hidden partitions that maintain encryption until it is accessed with step-up authentication.
Pre-boot authentication (PBA), also known as power-on authentication, is a security feature that requires users to authenticate before their device boots up. PBA is a layered approach that protects devices and data from offline attacks and cyberattacks. It's often used with full disk encryption (FDE), where users must authenticate to boot the system and restore data. Cigent PBA has been tested and validated by leading organizations including NSA, DISA, NIST, and NIAP.
Cigent provides the widest breadth of secure storage solutions all utilizing hardware encryption. These includes: PCs supporting both M.2 2280 and the emerging M.2 2230 standard, remote servers and NAS devices with U.2 drives, external media with flash drives, encrypted external drives, SD and Micro SD cards, and embedded for SSD BGA.
Yes, Cigent Secure Storage Solutions can support organizations meeting Commercial Solutions for Classified (CSfC) for data at rest including pre-boot authentication requirements. Cigent solutions can also meet FIPS 140-2 and 140-3 standards. Additionally, Cigent can address requirements from Executive Order 14028 including encryption of data at rest, multi-factor authentication, and the utilization of zero-trust access control. Cigent protections have been thoroughly tested and validated by leading Federal agencies including MITRE, NIST, NSA, NIAP, the Air Force, Cyber Resilience of Weapon Systems (CROWS), and NSSIF (UK).
Still have questions?
Learn more about Cigent and our solutions by downloading our company overview.

Cigent’s Federal Data Protection Solutions are second to none
Learn more about how Cigent can help you achieve your mission and protect data at rest and data on the edge from all forms of attack.