Endpoint Encryption Standard

  • Reference Number:  IS-S303
  • Responsible Office:  Information Security Office
  • Version #:  002
  • Effective Date:  18-December-2017
  • Last Updated:  18-December-2017

I.  Purpose

The purpose of the University’s Endpoint Encryption Standard is to protect University data that must be stored on faculty and staff devices, especially Regulated and Confidential Data, as defined in the University’s Data Classification and Handling Standard (IS-S302).

II.  Scope

This standard covers all computers, electronic devices, and media capable of storing electronic data that house Regulated or Confidential Data, as defined by the University’s Data Classification and Handling Standard (IS-S302).  This includes both University-owned and personally-owned devices.

III.  Definitions

Confidential Data:  Data protected as Confidential by law, contracts, or third-party agreement, and by the University for confidential treatment. Unauthorized disclosure, alteration, or destruction of this data type could cause a significant level of risk to the University or its affiliates.

Encryption:  The process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.

Regulated Data:  Data controlled by federal, state, local, and/or industry regulations. These data are affected by data breach notification laws and contractual provisions in government research grants, which impose legal and technical restrictions on the appropriate use of institutional information.

University:  The University of Arizona.

IV.  Requirements

All computers, backup media, and other devices used to store electronic Regulated and/or Confidential Data must be secured using full-disk encryption everywhere possible, with key escrow adequate to provide for third-party data recovery in the event of legal requirements or business need.

If full-disk encryption is not possible, then individual files containing Regulated Data should be encrypted. Individual file encryption for files containing Confidential Data is recommended.

For assistance determining appropriate data classification and protection, check with the Information Security Office.

V.  Revision History

  1. Revision 001:  10/9/17
  2. Revision 002:  12/6/17

Effective:  12/18/17
