Encrypt Your Devices
Step 1: Find out if your device is compliant.
Use the MyDevices website to see a list of the computers that Stanford's records indicate are currently associated with you, along with their compliance statuses. If you see a device that is no longer in use or no longer associated with you, click the Remove button for that device.
Step 2: Choose the operating system of your non-compliant device.
macOS
Compliance is required for all macOS devices used by employees on the campus network.
Step 3: Determine if your device can be encrypted.
Supported Operating Systems
The policy for minimum software versions at Stanford is N-2, the current version plus the two most recently supported versions available. For more information, go to sunset.stanford.edu.
Yes
Proceed to Step 4
Step 4: Do you (or will you) access or store High Risk Data using this device?
No
Proceed to Step 5.
Step 5: Which encryption service should you use?
For those Stanford and personally owned devices that are not compliant, choose and download the option that best meets your needs:
| Features | Encryption with Management | Encryption with Reporting |
|---|---|---|
| Verifiably encrypts computer | Yes | Yes |
| Complies with Stanford encryption requirement for High Risk Data | Yes | No |
| Deploys security patches and computer updates automatically via management | Yes | No |
| Reports computer's encryption and screen saver status | Yes | Yes |
| Securely stores encryption key | Yes | optional |
| Supported Operating Systems | The policy for minimum software versions at Stanford is N-2, the current version plus the two most recently supported versions available. For more information, go to sunset.stanford.edu. | The policy for minimum software versions at Stanford is N-2, the current version plus the two most recently supported versions available. For more information, go to sunset.stanford.edu. |
| Download | Install SDR for Mac | Install VLRE for Mac |
If your device cannot be encrypted:
Option 1: Upgrade or replace
If your device is not running a supported operating system, it cannot become compliant in its current state. You can do one of the following:
- Upgrade the operating system.
- Replace your device with one capable of running a supported operating system.
If you need assistance, contact your local support.
Option 2: Disavowal
Indicate that the device is no longer being used.
- Open mydevices.stanford.edu to see a list of devices and their compliance statuses.
- Click the Remove button for that device.
- Select the reason for removal and click the Submit button.
Option 3: Exception
Submit an exception request for computers that cannot support encryption due to special research requirements.
- Request a compliance exception.
- Your exception request will be reviewed within one week.
Option 4: No action
- Receive weekly email notifications until the device's enforcement grace period has expired.
- Campus network access will be restricted for any device that remains non-compliant after its grace period has expired.
Windows
Compliance is required for all Windows devices used by employees on the campus network.
Step 3: Determine if your device can be encrypted.
Supported Operating Systems
The policy for minimum software versions at Stanford is N-2, the current version plus the two most recently supported versions available. For more information, go to sunset.stanford.edu.
Yes
Proceed to Step 4
Step 4: Do you (or will you) access or store High Risk Data using this device?
No
Proceed to Step 5.
Step 5: Which encryption service should you use?
For those Stanford and personally owned devices that are not compliant, choose and download the option that best meets your needs:
| Features | Encryption with Management | Encryption with Reporting |
|---|---|---|
| Verifiably encrypts computer | ||
| Complies with Stanford encryption requirement for High Risk Data | ||
| Deploys security patches and computer updates automatically via management | ||
| Reports computer's encryption and screen saver status | ||
| Securely stores encryption key | optional | |
| Supported Operating Systems |
The policy for minimum software versions at Stanford is N-2, the current version plus the two most recently supported versions available. For more information, go to sunset.stanford.edu. |
The policy for minimum software versions at Stanford is N-2, the current version plus the two most recently supported versions available. For more information, go to sunset.stanford.edu. |
| Install SDR for Windows | Install VLRE for Windows |
If your device cannot be encrypted:
Option 1: Upgrade or replace
If your device is not running a supported operating system, it cannot become compliant in its current state. You can do one of the following:
- Upgrade the operating system.
- Replace your device with one capable of running a supported operating system.
If you need assistance, contact your local support.
Option 2: Disavowal
Indicate that the device is no longer being used.
- Open mydevices.stanford.edu to see a list of devices and their compliance statuses.
- Click the Remove button for that device.
- Select the reason for removal and click the Submit button.
Option 3: Exception
Submit an exception request for computers that cannot support encryption due to special research requirements.
- Request a compliance exception.
- Your exception request will be reviewed within one week.
Option 4: No action
- Receive weekly email notifications until the device's enforcement grace period has expired.
- Campus network access will be restricted for any device that remains non-compliant after its grace period has expired.
iOS
Compliance is required for all iOS devices used by employees on the campus network.
Step 3: Determine if your device can be encrypted.
Supported Operating Systems
Apple Device: iOS 10 or later
If your device cannot be encrypted:
Option 1: Upgrade or replace
If your device is not running a supported operating system, it cannot become compliant in its current state. You can do one of the following:
- Upgrade the operating system.
- Replace your device with one capable of running a supported operating system.
If you need assistance, contact your local support.
Option 2: Disavowal
Indicate that the device is no longer being used.
- Open mydevices.stanford.edu to see a list of devices and their compliance statuses.
- Click the Remove button for that device.
- Select the reason for removal and click the Submit button.
Option 3: Exception
Submit an exception request for computers that cannot support encryption due to special research requirements.
- Request a compliance exception.
- Your exception request will be reviewed within one week.
Option 4: No action
- Receive weekly email notifications until the device's enforcement grace period has expired.
- Campus network access will be restricted for any device that remains non-compliant after its grace period has expired.
Android
Compliance is required for all Android devices used by employees on the campus network.
Step 3: Determine if your device can be encrypted.
Supported Operating Systems
Android Device: Android 6.0 or later
If your device cannot be encrypted:
Option 1: Upgrade or replace
If your device is not running a supported operating system, it cannot become compliant in its current state. You can do one of the following:
- Upgrade the operating system.
- Replace your device with one capable of running a supported operating system.
If you need assistance, contact your local support.
Option 2: Disavowal
Indicate that the device is no longer being used.
- Open mydevices.stanford.edu to see a list of devices and their compliance statuses.
- Click the Remove button for that device.
- Select the reason for removal and click the Submit button.
Option 3: Exception
Submit an exception request for computers that cannot support encryption due to special research requirements.
- Request a compliance exception.
- Your exception request will be reviewed within one week.
Option 4: No action
- Receive weekly email notifications until the device's enforcement grace period has expired.
- Campus network access will be restricted for any device that remains non-compliant after its grace period has expired.
Other Devices
Devices running Linux and Windows Phone are temporarily exempt from the encryption requirement.
Do not store High Risk Data without a formal exception.
