Device Encryption

See the Device Encryption Standard in the University's Information Security policy for specific requirements that you must follow.

Standard and Process

Configuration

Encrypt data stored on the hard drive or on removable media (e.g., USB, flash drive, DVD), or shared through a storage device (e.g., external drive).

Configure the device to:

  • encrypt the data at the file or full disk level;
  • use a minimum of 128-bit AES or another NIST-approved (SP 800-111) algorithm; and,
  • encrypt data exchanged between systems, devices and third parties.

User Education

Users should know:

  • encryption does not protect the data if someone else uses the password associated with the encryption;
  • encryption should be used on all devices and storage media (e.g., CD, DVD, flash drive, memory stick, mobile phone); and,
  • encryption may not be allowed in some foreign countries, so be aware of this when traveling.

Documentation

All processes and procedures for encryption key management must be documented (including key generation, distribution, archiving, renewal, retirement, revocation, deletion/destruction, compromise plan).

More Information

Document Owner: University Information Security

Document Approvers: Brian Dahlin, Chief Information Security Officer; Patton Fast, University Enterprise Architect

Effective Date: August 2010

Last Reviewed Date: November 2014