Unsupported Operating Systems
If a device can use whole-disk encryption that meets the UF Standards, than that must be used. If no such option is available, the device still must be encrypted and alternative whole-disk encryption may be used. An example of this situation is a new version of an Operating System that UF-supported encryption software does not yet support. Once a supported and UF Standard-compliant solution becomes available, it must be implemented to replace the non-standard encryption.
If a non-standard encryption is used, the unit must document the encryption using the Encryption Form, which must be retained for 10 years.
The elements that must be documented are:
- Name of unit providing the encryption service
- Name of individual performing the encryption installation
- Name of individual that is the primary device user
- Name of the UF unit the device user has primary affiliation with
- Ownership of the device (UF-owned or personally owned)
- Date and time device had whole disk encryption installed and activated
- Make, model, serial number, UF asset tag number (if applicable) of the device
- Operating System including version number
- The name, vendor and version of the encryption software used
- Statement indicating the following, “Device was encrypted with whole disk encryption”.