Skip to main content

Encrypt Your Devices

Step 1: Find out if your device is compliant.

Use the MyDevices website to see a list of the computers that Stanford's records indicate are currently associated with you, along with their compliance statuses. If you see a device that is no longer in use or no longer associated with you, click the Remove button for that device.

Visit MyDevices

Step 2: Choose the operating system of your non-compliant device.

Compliance is required for all macOS devices used by employees on the campus network.

Step 3: Determine if your device can be encrypted.

Supported Operating Systems

The policy for minimum software versions at Stanford is N-2, the current version plus the two most recently supported versions available. For more information, go to sunset.stanford.edu.

Yes

Proceed to Step 4 »

No

View options »

Step 4: Do you (or will you) access or store High Risk Data using this device?

Learn more about High Risk Data.

Yes

Install SDR for Mac »

No

Proceed to Step 5 »

Step 5: Which encryption service should you use?

For those Stanford and personally owned devices that are not compliant, choose and download the option that best meets your needs:

FeaturesEncryption with ManagementEncryption with Reporting
Verifiably encrypts computerYesYes
Complies with Stanford encryption requirement for High Risk DataYesNo
Deploys security patches and computer updates automatically via managementYesNo
Reports computer's encryption and screen saver statusYesYes
Securely stores encryption keyYesoptional
Supported Operating SystemsThe policy for minimum software versions at Stanford is N-2, the current version plus the two most recently supported versions available. For more information, go to sunset.stanford.edu.The policy for minimum software versions at Stanford is N-2, the current version plus the two most recently supported versions available. For more information, go to sunset.stanford.edu.
DownloadInstall SDR for MacInstall VLRE for Mac

If your device cannot be encrypted:

Option 1: Upgrade or replace

If your device is not running a supported operating system, it cannot become compliant in its current state. You can do one of the following:

  • Upgrade the operating system.
  • Replace your device with one capable of running a supported operating system.

If you need assistance, contact your local support.

Option 2: Disavowal

Indicate that the device is no longer being used.

  1. Open mydevices.stanford.edu to see a list of devices and their compliance statuses.
  2. Click the Remove button for that device.
  3. Select the reason for removal and click the Submit button.

Option 3: Exception

Submit an exception request for computers that cannot support encryption due to special research requirements.

  1. Request a compliance exception.
  2. Your exception request will be reviewed within one week.

Option 4: No action

  1. Receive weekly email notifications until the device's enforcement grace period has expired.
  2. Campus network access will be restricted for any device that remains non-compliant after its grace period has expired.

Compliance is required for all Windows devices used by employees on the campus network.

Step 3: Determine if your device can be encrypted.

Supported Operating Systems

The policy for minimum software versions at Stanford is N-2, the current version plus the two most recently supported versions available. For more information, go to sunset.stanford.edu.

Yes

Proceed to Step 4 »

No

View options »

Step 4: Do you (or will you) access or store High Risk Data using this device?

Learn more about High Risk Data.

Yes

Install SDR for Windows »

No

Proceed to Step 5 »

Step 5: Which encryption service should you use?

For those Stanford and personally owned devices that are not compliant, choose and download the option that best meets your needs:

FeaturesEncryption with ManagementEncryption with Reporting
Verifiably encrypts computer
Complies with Stanford encryption requirement for High Risk Data
Deploys security patches and computer updates automatically via management
Reports computer's encryption and screen saver status
Securely stores encryption keyoptional
Supported Operating Systems

The policy for minimum software versions at Stanford is N-2, the current version plus the two most recently supported versions available. For more information, go to sunset.stanford.edu.

The policy for minimum software versions at Stanford is N-2, the current version plus the two most recently supported versions available. For more information, go to sunset.stanford.edu.

 Install SDR for WindowsInstall VLRE for Windows

If your device cannot be encrypted:

Options 1: Upgrade or replace

If your device is not running a supported operating system, it cannot become compliant in its current state. You can do one of the following:

  • Upgrade the operating system.
  • Replace your device with one capable of running a supported operating system.

If you need assistance, contact your local support.

Option 2: Disavowal

Indicate that the device is no longer being used.

  1. Open mydevices.stanford.edu to see a list of devices and their compliance statuses.
  2. Click the Remove button for that device.
  3. Select the reason for removal and click the Submit button.

Option 3: Exception

Submit an exception request for computers that cannot support encryption due to special research requirements.

  1. Request a compliance exception.
  2. Your exception request will be reviewed within one week.

Option 4: No action

  1. Receive weekly email notifications until the device's enforcement grace period has expired.
  2. Campus network access will be restricted for any device that remains non-compliant after its grace period has expired.

Compliance is required for all iOS devices used by employees on the campus network.

Step 3: Determine if your device can be encrypted.

Supported Operating Systems

Apple Device: iOS 10 or later

Yes

Install Jamf »

No

View options »

If your device cannot be encrypted:

Option 1: Upgrade or replace

If your device is not running a supported operating system, it cannot become compliant in its current state. You can do one of the following:

  • Upgrade the operating system.
  • Replace your device with one capable of running a supported operating system.

If you need assistance, contact your local support.

Option 2: Disavowal

  1. Open mydevices.stanford.edu to see a list of devices and their compliance statuses.
  2. Click the Remove button for that device.
  3. Select the reason for removal and click the Submit button.

Option 3: Exception

Submit an exception request for computers that cannot support encryption due to special research requirements.

  1. Request a compliance exception.
  2. Your exception request will be reviewed within one week.

Option 4: No action

  1. Receive weekly email notifications until the device's enforcement grace period has expired.
  2. Campus network access will be restricted for any device that remains non-compliant after its grace period has expired.

Compliance is required for all Android devices used by employees on the campus network.

Step 3: Determine if your device can be encrypted.

Supported Operating Systems

Android Device: Android 6.0 or later

Yes

Install Mobile Device Management (MDM) »

No

View options »

If your device cannot be encrypted:

Option 1: Upgrade or replace

If your device is not running a supported operating system, it cannot become compliant in its current state. You can do one of the following:

  • Upgrade the operating system.
  • Replace your device with one capable of running a supported operating system.

If you need assistance, contact your local support.

Option 2: Disavowal

Indicate that the device is no longer being used.

  1. Open mydevices.stanford.edu to see a list of devices and their compliance statuses.
  2. Click the Remove button for that device.
  3. Select the reason for removal and click the Submit button.

Option 3: Exception

Submit an exception request for computers that cannot support encryption due to special research requirements.

  1. Request a compliance exception.
  2. Your exception request will be reviewed within one week.

Option 4: No action

  1. Receive weekly email notifications until the device's enforcement grace period has expired.
  2. Campus network access will be restricted for any device that remains non-compliant after its grace period has expired.

Devices running Linux and Windows Phone are temporarily exempt from the encryption requirement.

Do not store High Risk Data without a formal exception.

Back to Encryption at Stanford