NHS TO Infrastructure Security Team (NHS TO IST)
Pre-boot Authentication
NHS recommended good practice for the implementation of McAfee Endpoint Encryption
(formerly called SafeBoot) is that pre-boot authentication by McAfee Endpoint Encryption
should be enabled as pre-boot authentication provides significant improvements in the
security of devices. The encryption of a device should be considered to only be as secure
as the strength of its authentication. However, encryption without pre-boot authentication
is very clearly preferable to leaving devices without encryption.
There are some technical reasons that prevent or make difficult enabling pre-boot
authentication with McAfee Endpoint Encryption on a limited number of Mobile Clinical
Assistant devices. McAfee is currently working with the manufacturers of these Mobile
Clinical Assistant devices to resolve these technical issues. Until these issues can be
resolved, it is recommended by McAfee and the NHS that these devices be encrypted,
but that pre-boot authentication should not be enabled. Once the technical issues are
resolved, it is then recommended that pre-boot authentication should be enabled.
Further information and guidance will be made available on the NHS Connecting for
Health Encryption Tool website at:
http://www.connectingforhealth.nhs.uk/systemsandservices/infogov/security/encryptiontoo
l
Page 1 of 1