Reference Guide
Manage Policies
124
Full Disk Encryption (FDE)
This technology manages drives using software-based Full Disk Encryption. Authentication by users
through a Pre-Boot Authentication environment (before the operating system has booted) is required to
unlock the drive.
Full Disk Encryption
(FDE)
On
Off
Toggle to ON to enable
all full disk
encryption poli
cies. If
this policy is toggled
to OFF, no full disk
encryption takes pl
ace,
regardless of other
policy values.
On means that all Full
Disk Encryption
policies are enabled.
Changing the value of
this policy triggers a
new sweep to
encrypt/decrypt files.
Encryption Algorithm AES 256
AES 256, AES 128, FIPS
AES 256, FIPS AES 128
Encryption algorithm
used for Full Disk
Encryption.
Encryption Mode CBC
CBC, XTS
Encryption mode used
for Full Disk
Encryption.
Enable FDE Plugin Selected
The plugin must remain
sel
ected. To deactivate
the PBA and disable
full disk encryption,
toggle the Full Disk
Encryption policy to
OFF.
Self-Encrypting Drive (SED)
This technology manages self-encrypting drives (SEDs). Authentication by users through a Pre-Boot
Authentication environment (before the operating system has booted) is required to unlock the drive.
Self-Encrypting Drive
(SED)
Off
On
Off
Enable this policy to
provision the PBA. If
disabled after the PBA
is provisioned, the PBA
is de-provisioned and
the PBA database is
deleted. Re-enabling
this policy re-
provisions the PBA and
re-creates the PBA
database.
See advanced settings
Policy Default Setting Description