Standard and Process
Encrypt data stored on the hard drive, on removable media (e.g., USB, flash drive, DVD), or shared through a storage device (e.g., external drive).
Configure the device to:
- encrypt the data at the file or full disk level;
- use a minimum of 128-bit AES or another NIST (SP 800-111) approved algorithm; and,
- encrypt the data exchange between systems, devices and third parties.
Users should know:
- encryption does not protect the data if someone else uses the password associated with your encryption;
- encryption should be used on all devices and storage media (e.g., CD, DVD, flash drive, memory stick, mobile phone); and,
- encryption may not be allowed in some foreign countries; be aware of this when traveling.
All processes and procedures for encryption key management must be documented (including key generation, distribution, archiving, renewal, retirement, revocation, deletion/destruction, compromise plan).
- Encryption Products
- Installation and configuration management
Document Owner: University Information Security
Document Approvers: Brian Dahlin, Chief Information Security Officer; Patton Fast, University Enterprise Architect
Effective Date: August 2010
Last Reviewed Date: November 2014