Product guide
Product policies
On the Policy Catalog page, the policies for the Management of Native Encryption 1.0.0 product appear under the
FileVault Product Settings category.
Table 3-1 Product policies
Settings Description
FileVault Management
Manage FileVault — Allows you to manage FileVault and receive reports from the client
system.
• Turn On (Enable) FileVault — Allows you to turn on FileVault on client systems and manage
it accordingly. The client systems also report the status to McAfee ePO.
• Turn Off (Disable) FileVault — Allows you to turn off FileVault on client systems. The
client systems still report the status to McAfee ePO.
Enabling this option disables the Password Settings function.
• Destroy FileVault key when going to standby mode — The FileVault recovery key is removed
from memory when a system goes into standby mode. This defends against
memory-related attacks during various sleep states. Resuming from sleep mode
forces a user authentication to bring the key back into memory.
Do not manage FileVault — FileVault cannot be managed and FileVault information cannot be
received. You can only receive minimal system information.
• Report machine status — Allows you to only receive reports from the client systems.
FileVault cannot be managed and no changes can be made on the client system. You
can report on BYOD (Bring Your Own Device) or contractor laptops to monitor
compliance with company encryption policies.
If FileVault is managed by MNE, the client system reports these to McAfee ePO:
• FileVault status
• FileVault mode
• System information
• System encryption status
• FIPS status
Password Settings
Enforce OS X User password requirements — Allows you to define password settings for OS X,
which are then enforced on the client system.
If you disable this option, the Password Settings function is disabled.
• Require at least one alphabetic character in password — The user must include at least one
alphabetic character when creating the password.
• Require at least one numeric character in password — The user must include at least one
numeric character when creating the password.
• Minimum length __ (4-40) — The user must create a password of the specified minimum
length.
• Maximum length __ (4-255) — The user must create a password of the specified
maximum length.
• Require change after the following number of days __ (1-180) — The user must change the
password after the specified number of days.
Client Messaging
Prompt for restart after FileVault is enabled — The user is notified to restart the client system
when FileVault is enabled.
The user is given a 60-second warning about the restart and can choose to cancel
it. If the user cancels it, FileVault changes are not enforced until the system is restarted.
Otherwise, the system automatically attempts to restart after the 60-second period
has expired.
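To spot-check on a client that the "Turn On (Enable) FileVault" and "Destroy FileVault key when going to standby mode" options took effect, the following added example (not part of the product or this guide) parses the text printed by the macOS tools `fdesetup status` and `pmset -g`. It assumes the policy option corresponds to the pmset `destroyfvkeyonstandby` setting; the function names are hypothetical and the sample outputs are constructed.

```shell
#!/bin/sh
# Audit helper (added example). Parses the text printed by two macOS tools:
#   fdesetup status -> "FileVault is On." / "FileVault is Off."
#   pmset -g        -> a "DestroyFVKeyOnStandby <0|1>" line when the key is set
# Assumption: the MNE policy option maps to this pmset setting.

# Return 0 when the fdesetup status text reports FileVault as on.
fv_is_on() {
    printf '%s\n' "$1" | grep -q '^FileVault is On'
}

# Print the DestroyFVKeyOnStandby value found in pmset output; 0 if absent.
fvkey_standby_value() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "destroyfvkeyonstandby" { v = $2; found = 1 }
        END { print (found ? v : 0) }'
}

# Print one verdict line; return 0 only when both checks pass.
audit_fv() {
    if ! fv_is_on "$1"; then
        echo "NONCOMPLIANT: FileVault is not on"; return 1
    fi
    if [ "$(fvkey_standby_value "$2")" != "1" ]; then
        echo "NONCOMPLIANT: FileVault key is kept in memory during standby"; return 1
    fi
    echo "COMPLIANT"
}

# Constructed sample outputs so the script runs in any POSIX shell.
SAMPLE_STATUS='FileVault is On.'
SAMPLE_PMSET_OK=' standby              1
 hibernatemode        25
 DestroyFVKeyOnStandby 1'
SAMPLE_PMSET_BAD=' standby              1
 hibernatemode        3'

audit_fv "$SAMPLE_STATUS" "$SAMPLE_PMSET_OK"
audit_fv "$SAMPLE_STATUS" "$SAMPLE_PMSET_BAD" || true
# On a Mac: audit_fv "$(fdesetup status)" "$(pmset -g)"
```

A missing `DestroyFVKeyOnStandby` line is treated as 0, so a client that never received the setting is reported as non-compliant.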
Managing policies
Management of Native Encryption 1.0 Product Guide