All devices covered by the security mandate must be encrypted using the operating system's native encryption facilities. For Mac OS FileVault 2 is required, and for Windows desktop operating systems BitLocker is required. Mobile iOS and Android devices must be encrypted using their available built-in technologies.
For Mac OS and Windows devices, either BigFix or VLRE must be installed in order to verify encryption in an ongoing way that can be centrally audited. Devices that have access to High Risk Data must have BigFix installed and be configured for Stanford Whole Disk Encryption (SWDE) settings management .
In the case of mobile iOS and Android devices, Stanford's Mobile Device Management service is required for faculty, staff and postdoc devices used on Stanford campus networks.
All Windows XP devices not being used for highly specialized purposes must be upgraded or replaced.
For devices that are used for highly specialized purposes and cannot be made compliant, an exception request must be approved.
You are strongly encouraged to maintain back-ups of your data for all encrypted devices
See Security Requirements Questions and Answers for more information .