TPAM uses full disk encryption with pre-boot authentication—The hard drive for the appliance is protected via full disk encryption (AES-256) provided by Microsoft BitLocker Drive Encryption, utilizing the Trusted Platform Module (TPM) on the appliance to seal the keys. This ensures that even if the appliance is lost or stolen, the disk cannot be accessed outside the appliance. The pre-boot authentication prevents attempts to remotely mount the drive to bypass access controls, since the device remains locked until the boot process is complete, at which time all internal controls are enabled. Unlike earlier TPAM versions, no password needs to be entered at boot.
Protection of passwords—Passwords for managed systems and accounts reside in tables in the database, but are never stored as clear text. Instead, they are AES-256 encrypted before storage, and the key used for this encryption is an X.509 certificate that is not accessible to users in any way.
Uploaded files are also encrypted using the AES-256 algorithm.