All NIH laptop and tablet computers must be encrypted with a FIPS 140-2 compliant encryption software package.
If you include personally identifiable information (PII) or sensitive data in an e-mail message, that message must be encrypted!
PII and sensitive data must NOT be stored on personally owned equipment. If transported, it must be stored on an encrypted government-owned (or authorized encrypted contractor-owned) laptop or portable storage device.
Background Information
Encryption is the process of encoding messages (or information) in such a way that eavesdroppers or hackers cannot read them, but authorized parties can. In an encryption scheme, the message or information (referred to as plaintext) is encrypted using an encryption algorithm, turning it into unreadable ciphertext. This is usually done with an encryption key, which specifies how the message is to be encoded. An adversary who can see the ciphertext should not be able to determine anything about the original message. An authorized party, however, is able to decode the ciphertext using a decryption algorithm, which usually requires a secret decryption key that adversaries do not have access to. For technical reasons, an encryption scheme usually needs a key-generation algorithm to randomly produce keys. (Source: Wikipedia)
A Federal Information Processing Standard (FIPS) is a publicly announced standard developed by the United States federal government for use in computer systems by all non-military government agencies and by government contractors, when properly invoked and tailored on a contract.
(Source: Wikipedia)
The Federal Information Processing Standard (FIPS) Publication 140-2, FIPS PUB 140-2, is a federal government computer security standard. This standard specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information. The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed. The security requirements cover areas related to the secure design and implementation of a cryptographic module.
(Ref: http://www.nist.gov)