YALE-MSS-7.2: Encrypt all electronic storage devices

Standards Group:
YALE-MSS-7: Data Protection

YALE-MSS-7.2: Encrypt all electronic storage devices

Low Risk Endpoint Not Required Moderate Risk Endpoint Required High Risk Endpoint Required Low Risk Server Not Required Moderate Risk Server Required High Risk Server Required Low Risk Mobile Device Not Required Moderate Risk Mobile Device Required High Risk Mobile Device Required Low Risk Network Printer Not Required Moderate Risk Network Printer Required High Risk Network Printer Required

Details

Encryption is the most effective way to prevent the disclosure of confidential data from a lost or stolen device. This includes encrypting your laptop, desktop, mobile devices, and portable storage devices (e.g., USB thumb drives, network-attached storage devices [NAS], SD cards).

Endpoints and Servers

If the IT system is an endpoint falling under Yale's Managed Workstation Program, this requirement is met.

All modern operating systems offer built-in support for Full Disk Encryption (FDE). You must confirm that FDE is enabled if you don't have a Yale-managed workstation.

  • MacOS: Use Filevault
    Microsoft
  • Windows: Use Bitlocker
  • Linux: Consult vendor documentation

Servers are exempt from the FDE requirement if they are housed in Yale data centers or hosted by vendors in secure data centers.

Portable Storage

For portable storage, please consider Yale's Secure USB service.

Mobile Devices

Modern smartphones and tablets are normally encrypted by default when you configure a passcode, fingerprint, or facial ID lock. You must confirm that encryption is enabled on your device.

Network Printers

Printers with built-in storage must enable FDE.

Controls