HP EliteDesk 800 G1 Ultra-slim PC Client Security Commercial Managed IT Softwa - Page 7

5. For the use cases outlined in the DOD 5220.22-M Supplement. Traditional hard drives supported. 6. Windows required. When included, HP Trust Circles Standard allows up to 5 Trust Circles with up to 5 contacts in each Trust Circle. HP Trust Circles Pro required for unrestricted number of Trust Circles and contacts. HP Trust Circles Reader is available to allow a contact to participate in an invited Trust Circle. Available at http://hptc.cryptomill.com. 7. Requires initial setup and Microsoft Outlook and Microsoft Office. One year of service included. For users without HP Privacy Manager, DigitalPersona Privacy Manager is required for sharing encrypted files and emails, and six months of service is included. Users can use their own compatible digital certificate instead of offered service. No longer supported or provided on Business PCs launched after September 2013. 8. For the methods outlined in the National Institute of Standards and Technology Special Publication 800-88. ElitePad 900 G1 support with BIOS F.03 and higher. Table 2 Device Protection Security Features Layer BIOSphere Software-based Device protection HP Sure Start1 HP BIOS Protection 2 Pre-boot Security Absolute Persistence3 (See Absolute Data Protect (ADP) on page 31) Master Boot Record Security HP Device Access Manager with Just in Time Authentication (See HP Device Access Manager (HPDAM) on page 19) Description HP Sure Start is the first and only self-healing technology solution created to protect against Malware and Security attacks aimed at the BIOS, developed in collaboration with HP Labs. Sure Start is a hardware based solution that protects and recovers the BIOS Boot Block regardless of the cause of corruption or compromise assuring a virtually un-interrupted boot. Sure Start is independent of CPU such that any virus or malware is not aware of Sure Start or any of its components making this a technology not easily susceptible to attacks. Developed according to NIST SP 800-147 security guidelines, this feature protects the BIOS from attacks. All BIOS updates are checked for a proper cryptographic signature. If this check fails, the platform will refuse the update. • If malware is able to circumvent this process, and malicious code is detected, the BIOS repairs itself using a verified BIOS copy that is stored in the system flash memory or in the HP_Tools partition. Otherwise, the system does not boot and emits a particular LED code. Users can recover manually by flashing the BIOS from a USB storage device. Built-in security features such as BIOS security, port control, communications device control, boot options, and Absolute Persistence module. Once subscribed and activated to supported Absolute services (purchased separately), the Persistence Module ensures that activated Absolute software services, like Computrace have their agent replaced in Windows, if it is ever removed. For more information visit http://www.absolute.com/ . Backup and then restore your MBR if it gets compromised. Business Desktops BIOS can additionally lock the MBR so that it cannot be written to while locked. Provides advanced security options to selectively block ports, connections, and storage devices that can compromise the security of your PC or your network. • Allows an Administrator to define which users or groups have access to which devices that are connected to or integrated into the PC. • Prevents someone from walking up to your unlocked PC and taking data off your computer onto a USB Drive • Just In Time Authentication allows data transfer to Removable Storage (ex. USB Drives) or Optical Disk Drives for a brief period of time only after the user validates their identity. Absolute Data Protect3 Enables you to manage your PC remotely with remote Find, Lock, or file Erase. 7