The HEISC Technologies, Operations, and Practices Working Group has created a page on Full Disk Encryption.
Full disk encryption (FDE) is a security safeguard that protects all data stored on a hard drive from unauthorized access using disk-level encryption. With FDE, all data is encrypted by default, taking the security decision out of the hands of the user. The most common use case for implementing FDE is to protect data loss due to lost or stolen laptops, which is often sufficient enough to avoid costly data breach notification requirements.
The purpose of this guide is to provide worthwhile strategies for implementing full disk encryption throughout your organization, and to identify common pitfalls to avoid. The following topics are covered on this page: