If a device can use whole-disk encryption that meets the UF Standards, then that must be used. If no such option is available, the device still must be encrypted and alternative whole-disk encryption may be used. An example of this situation is a new version of an Operating System that UF-supported encryption software does not yet support. Once a supported and UF Standard-compliant solution becomes available, it must be implemented to replace the non-standard encryption.
If non-standard encryption is used, the unit must document the encryption using the Encryption Form (Encryption Form for Unsupported Devices), which must be retained for 10 years.
The elements that must be documented are:
- Name of unit providing the encryption service
- Name of individual performing the encryption installation
- Name of individual who is the primary device user
- Name of the UF unit the device user has primary affiliation with
- Ownership of the device (UF-owned or personally owned)
- Date and time the device had whole-disk encryption installed and activated
- Make, model, serial number, UF asset tag number (if applicable) of the device
- Operating System including version number
- The name, vendor and version of the encryption software used
- Statement indicating the following: “Device was encrypted with whole disk encryption”.