Data Encryption

 

Full disk encryption is required for all NYS-issued computers or personal devices that access NYSPI information. The instructions on this page show you how to encrypt a hard drive and removable USB storage devices. Windows devices can be encrypted with BitLocker. Mac devices can be encrypted with FileVault 2. More information can be found in the NYSPI Encryption Policy.


Windows 10

Note: BitLocker is only available on Windows 10 Professional and Windows 10 Enterprise. If you are using a personal computer with Windows 10 Home edition, you will need to upgrade to Professional to access BitLocker. Devices must be full-disk encrypted to comply with NYSPI standards.

 

Full-disk Encryption 

1. Click on the Windows Icon and type BitLocker.  Select "Manage BitLocker". 

 

2.  If it is not already activated, select "Turn on BitLocker". 

 

3.  When prompted to choose a method for unlocking your drive, select "Enter a Password".   Create a strong, unique password to protect your data.  

 

4.  You can save this password to your NYSPI Microsoft OneDrive account in the event that you forget your password.

 

5.  When prompted, select "encrypt entire drive".  This process may take some time depending on how much data is on your drive.  

 

6.  When asked which encryption method to use, select "New Encryption Mode" (if you are trying to encrypt a USB device, see the instructions below).

 

7. Restart your computer to complete the encryption process. 

USB Device Encryption
1. Insert the USB drive and open File Explorer (Windows Key + E). The device should be listed on the left in the navigation pane. Right-click the device and select "Turn on BitLocker".


2.  When prompted, select "use a password to unlock" and create a strong, unique password.

3.  Select "Save to your cloud domain account" so that you can unlock the device in the event that you forget the password. 

You must save it to your NYSPI cloud domain.


4.  When prompted, select "Encrypt entire drive" and then click next.

5. When prompted to choose an encryption mode, select "Compatible mode" and then click next.  The encryption process will start.  

 

6.  Test that the encryption was successful by ejecting and then reinserting the drive.  You should be prompted to enter a password to access the device.  
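
The reinsertion test in step 6 can be complemented by a check from PowerShell. The following is an added example, not part of the NYSPI instructions: the function name `Test-VolumeEncryption` is hypothetical, and the pass criteria are assumed from the steps above (fully encrypted, protection on, XTS-AES for fixed drives encrypted in "New encryption mode", AES-CBC for USB drives encrypted in "Compatible mode").

```powershell
# Added example; Test-VolumeEncryption is a hypothetical helper name.
# Run in an elevated PowerShell session (Get-BitLockerVolume needs admin rights).
function Test-VolumeEncryption {
    param([Parameter(Mandatory)] $Volume)

    # A locked drive is encrypted but cannot be inspected until it is unlocked.
    if ($Volume.LockStatus -eq 'Locked') {
        return [pscustomobject]@{ MountPoint = $Volume.MountPoint; Removable = $null
            Method = $null; Compliant = $null; Issues = 'locked: unlock, then re-run' }
    }

    # Get-BitLockerVolume does not flag removable media, so ask Get-Volume.
    $removable = $false
    if ($Volume.MountPoint -match '^[A-Za-z]:$') {
        $info = Get-Volume -DriveLetter $Volume.MountPoint[0] -ErrorAction SilentlyContinue
        $removable = ($info.DriveType -eq 'Removable')
    }

    # "New encryption mode" is XTS-AES; "Compatible mode" is AES-CBC.
    $method = [string]$Volume.EncryptionMethod
    $modeOk = if ($removable) { $method -match '^Aes(128|256)$' } else { $method -match '^XtsAes' }

    $issues = @()
    if ($Volume.VolumeStatus -ne 'FullyEncrypted') {
        $issues += "status $($Volume.VolumeStatus) at $($Volume.EncryptionPercentage)%"
    }
    if ($Volume.ProtectionStatus -ne 'On') { $issues += 'protection off or suspended' }
    if (-not $modeOk) { $issues += "method '$method' does not match the mode chosen above" }

    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        Removable  = $removable
        Method     = $method
        Compliant  = ($issues.Count -eq 0)
        Issues     = ($issues -join '; ')
    }
}

Get-BitLockerVolume |
    ForEach-Object { Test-VolumeEncryption -Volume $_ } |
    Format-Table -AutoSize -Wrap
```

A drive that is still encrypting reports a status other than `FullyEncrypted` with a percentage below 100; re-run the check once the process finishes.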


FileVault 2 (Mac Users)

FileVault 2 is available in OS X Lion or later.  When FileVault is turned on, your Mac always requires that you log in with your account password. 

Full-Disk Encryption 

1. Choose Apple menu > System Preferences, then click Security & Privacy.

2. Click the FileVault tab.

3. Click Locked, then enter an administrator name and password.

4. Click Turn On FileVault.

5.  Select your username and enable FileVault.

 

USB Device Encryption

TBC

 

Resources:

 

Microsoft Instructions for Activating BitLocker 

 

CUMC Instructions for BitLocker

 

Apple Support Instructions for FileVault

 

CUMC Instructions for FileVault 2

 

NYSPI Encryption Standards

 

For more information, contact the IT Service Desk