All devices covered by the security mandate must be encrypted using the operating system's native encryption facilities. For macOS FileVault 2 is required, and for Windows desktop operating systems BitLocker is required. Mobile iOS and Android devices must be encrypted using their available built-in technologies.
For macOS and Windows devices, Jamf, BigFix or VLRE must be installed in order to verify encryption in an ongoing way that can be centrally audited. Devices that have access to High Risk Data must have Jamf or BigFix installed, and in the case of BigFix must be configured for Stanford Whole Disk Encryption (SWDE) settings management .
In the case of mobile iOS and Android devices, Stanford's Mobile Device Management service is required for faculty, staff and postdoc devices used on Stanford campus networks.
Generally speaking only the three most recent versions of macOS, Windows, iOS and Android are acceptable, and any older systems, as listed on the Service and Software Sunset Schedule page, will be considered non-compliant.
For devices that are used for highly specialized purposes and cannot be made compliant, an exception request must be approved.
You are strongly encouraged to maintain back-ups of your data for all encrypted devices
See Security Requirements Questions and Answers for more information .