Even though servers are out of scope of the paper for NIST's purposes, I would still use NIST 800-111 as the basis for my server encryption strategy, as it is the only document that is clearly permitted. The same general principles apply for hard drive encryption whether it's for a desktop, laptop or server, especially with regard to algorithms and key management.
It's true that NIST has yet to publish official recommendations on server encryption, but section 3.1 of 800-111 covers the basic options for different encryption types, and section 4.2 has some recommendations on how to design an encryption system. So to make things easier, just pretend servers are in scope and follow the recommendations NIST 800-111 lists for other types of encryption.
Although not specifically cited in HITECH or NIST publications, database encryption options should be investigated as well. Most commercial databases today offer this functionality at one level or another. Additionally, there are a number of third-party products that can assist with adding cryptography to databases. You do want to ensure, however, that whatever encryption product you choose is compliant with FIPS 140-2. That way you know the cryptography is sufficiently strong. Keep in mind, though, that just because a product is secured and FIPS-certified, not all of its modes may be secure, so check the documentation carefully.
This was first published in December 2009