Whole Disk Encryption Policy
Contact
Information Technology Services (ITS)Humanities 316
651-696-6525
helpdesk@macalester.edu
Hours
ITS Help Desk
open
until 9:00 pm
Purpose
The purpose of the Macalester College Whole Disk Encryption Policy is to protect regulated and confidential data that may reside on Macalester computers. See the data classification policy for more information. These devices are often portable or located in public spaces making them susceptible to accidental loss or theft. Whole disk encryption protects data residing on storage mediums when the computer is powered off.
Scope
This policy governs appropriate use of encryption on Macalester provided or managed computers for all users.
Policy
- Computers will be configured with whole disk encryption using the operating system integrated method (BitLocker, FileVault)
- Whole disk encryption keys will be centrally managed by ITS.
- Encryption status will be recorded and periodically updated.
- Users will not disable whole disk encryption for any reason.
- A password is required to login, unlock, or return to active state from sleep, hibernation, screen saver and all similar states in order to protect data when the computer is on.
Enforcement
Any user found to have violated this policy will be subject to revocation of certain privileges or services, including but not limited to loss of computer access.