Endpoint Encryption Device Policy Rules

The following table explains the security policy rules for lost or stolen Endpoint Encryption devices. Depending on the policy settings, too many consecutive unsuccessful authentication attempts to the Endpoint Encryption devices delays the next authentication attempt, locks the Endpoint Encryption device, or erases all data controlled by the associated Endpoint Encryption agent.

Table 1. Device Security Options

Security Option

Description

Time delay

PolicyServer temporarily locks the Endpoint Encryption device and notifies the Endpoint Encryption user that the device is locked. The ability to authenticate or reset the password is disabled during the time delay. The duration of the time delay is determined by policy. Once the time delay has expired, the user is permitted to authenticate.

Note:

The Endpoint Encryption user may use Self Help or Remote Help authentication to avoid waiting for the time delay period to expire.

Remote authentication required

PolicyServer locks the Endpoint Encryption device until the Endpoint Encryption user contacts receives Remote Help authentication from an authenticator or from Support.

Note:

For more information, see Remote Help.

Erase the device

PolicyServer erases all data controlled by the associated Endpoint Encryption agent.

Warning:

The Endpoint Encryption user cannot recover the erased data.