Standard:
YALE-MSS-7.2: Encrypt all electronic storage devices
YALE-MSS-7.2.1: Utilize full disk encryption
Low Risk Endpoint
Not Required
Moderate Risk Endpoint
Required
High Risk Endpoint
Required
Low Risk Server
Not Required
Moderate Risk Server
Required
High Risk Server
Required
Low Risk Mobile Device
Not Required
Moderate Risk Mobile Device
Required
High Risk Mobile Device
Required
Low Risk Network Printer
Not Required
Moderate Risk Network Printer
Required
High Risk Network Printer
Required
Details
Endpoints
If you use Yale's Managed Workstation Program, your endpoint meets this requirement.
All modern operating systems offer built-in support for Full Disk Encryption (FDE). You should confirm that FDE is enabled if you don't have a Yale managed workstation.
- MacOS: Use Filevault
- Microsoft Windows: Use Bitlocker
- Linux: Consult vendor documentation
Servers
Servers are exempt from the FDE requirement if they are housed in Yale data centers or hosted by vendors in secure data centers.
For other servers, see the notes under Endpoints above.
Mobile Devices
Modern smartphones and tablets are usually encrypted by default when you configure a passcode, fingerprint, or facial ID lock. You should confirm that encryption is enabled on your device.
Network Printers
Ensure that printers with built-in storage support FDE and that FDE is enabled.