The IT Security Office (ITSO) offers whole disk encryption for Microsoft Windows and Apple workstations and laptops to protect against unwanted access to data when the computer is powered off. Whole disk encryption protects all of the data on the hard drive. The enterprise solution supported by the ITSO allows for recovery if passwords are lost or operating systems experience failure through centralized, encryption key management. In addition, if a computer is lost, this service can create an audit trail to provide evidence of encryption and protection up to the point of loss.
University faculty and staff must request approval to store highly sensitive data on their workstations and laptops. Upon approval, the hard drive must be encrypted. For information concerning this requirement, go to the Authorization to Store Highly Sensitive Data
Faculty and staff may request encryption services for sensitive data that they believe could result in significant, negative impact to the organization if exposed.
This encryption solution provides access control restrictions in addition to those delivered by MESA
. Auditing and logging, which provides assurance of system encryption, is performed by the application and can indicate and alert when unauthorized access is attempted.
The whole disk encryption solution provides limited protection for systems while they are powered on and is only one component of protecting highly sensitive data. The ITSO can assist with assessing and formulating additional, appropriate controls and other recommendations.
This service is restricted to Microsoft Windows and Apple workstations and laptops.
Requirements for classifying, controlling, and protecting regulated data are described in University Policy Number 1114: Data Stewardship
All users of the George Mason University network must adhere to University Policy Number 1301: Responsible Use of Computing
How to Get this Service
To request storage of highly sensitive data on your workstation or laptop go to the Authorization to Store Highly Sensitive Data
web page. To request encryption services outside the need to store highly sensitive data, contact the ITU Support Center
and request "whole disk encryption services provided by the IT Security Office." Your request will be evaluated by the ITSO. There is no charge for this service.
The back end systems that support the enterprise encryption solution are included in TSD's critical infrastructure and are robustly supported with uptime of 99.9% or better. Support for end clients is performed by ITSO staff upon request or when alerted. Due to the nature of this service, approvals, evaluations, and risk assessments determine installation timeframes. For maintenance, contact the ITU Support Center
, clearly specify the support request, and ask that it be directed to the IT Security Office.