Enterprise Whole Disk Encryption - Encryption at Rest

Also known as: Encryption - Whole Disk Encryption at Rest
Available to: Faculty & Staff

Service Summary

The IT Security Office (ITSO) offers whole disk encryption for Microsoft Windows and Apple workstations and laptops to protect against unwanted access to data when the computer is powered off. Whole disk encryption protects all of the data on hard drive. The enterprise solution supported by the ITSO allows for recovery if passwords are lost or operating systems experience failure through centralized, encryption key management. In addition, if a computer is lost, this service can create an audit trail to provide evidence of encryption and protection up to the point of loss.

University faculty and staff must request approval to store highly sensitive data on their workstations and laptops. Upon approval, the hard drive must be encrypted. For information concerning this requirement, go to the Authorization to Store Highly Sensitive Data web page.

Faculty and staff may request encryption services for sensitive data that they believe could result in significant, negative impact to the organization if exposed.

This encryption solution provides access control restrictions in addition to those delivered by MESA. Auditing and logging, which provides assurance of system encryption, is performed by the application and can indicate and alert when unauthorized access is attempted.

The whole disk encryption solution provides limited protection for systems while they are powered on and is only one component of protecting highly sensitive data. The ITSO can assist with assessing and formulating additional, appropriate controls and recommendations.

This service is restricted to Microsoft Windows and Apple workstations and laptops.

Requirements for classifying, controlling, and protecting regulated data are described in University Policy Number 1114: Data Stewardship.

All users of the George Mason University network must adhere to University Policy Number 1301: Responsible Use of Computing.

How to Get this Service

To request encryption services outside the need to store highly sensitive data, contact the ITS Support Center and request "whole disk encryption services provided by the IT Security Office." Your request will be evaluated by the ITSO.

There is no charge for this service.


Once installed, the whole disk encryption client is self-supporting and does not require back end systems to remain functional.

Getting Help

For help or information concerning this service please contact:
Curtis McNay,
Adam Curtis,

Training is provided upon project engagement and during installation.

Additional Information

The back end systems that support the enterprise encryption solution are included critical infrastructure and are robustly supported with uptime of 99.9% or better. Support for end clients is performed by ITSO staff upon request or when alerted. Due to the nature of this service, approvals, evaluations, and risk assessments determine installation timeframes. For maintenance, contact the ITS Support Center, clearly specify the support request, and ask that it be directed to the IT Security Office.

Last modified date: August 1, 2014