Printed on: 02/16/2019. Please go to for the most current version of the Policy or related document.

Device Encryption Standard

Appendix to Policy


Use data encryption to prevent unauthorized access to University information stored on IT resources. Encryption protects the data from unauthorized access when the device is lost or stolen.

Security Controls

Single-user Device (e.g., desktop, laptop, USB flash drive, mobile phone)

The following table defines the baseline security controls for encryption of single-user systems.

Control Security Level
ID Description High Medium Low
DE.A.01 Encrypt the data Required Required Recommended
DE.A.02 Encrypt the entire disk Required Recommended Recommended
DE.A.03 Encrypt mobile devices Required Recommended Recommended
DE.A.04 Encrypt removable media (e.g., USB) Required Recommended Recommended
DE.A.05 Encrypt backups Required Recommended Recommended
DE.A.06 Protect encryption keys from unauthorized access Required Required Recommended

Resources Covered

This standard applies to IT resources owned or contracted by the University. This also applies to personally owned devices authorized to store University data designated as private-highly restricted or private-restricted .

Individuals Covered

This standard applies to University community members who use or manage University IT resources.

Related Information

More information Device Encryption

Published Date

  • November 2014

Document Feedback