The computer security mandate's key requirement is verifiable encryption of all devices that meet any of these criteria:
- The device will be connected to the Stanford network (excluding Stanford Visitor and eduroam wireless networks, and sponsored wireless access for guests); or
- The device is owned by Stanford regardless of location; or
- The device will be used to access High Risk Data from any location regardless of ownership.
All devices covered by the mandate must be encrypted using the operating system's native encryption facilities. For macOS FileVault 2 is required, and for Windows desktop operating systems BitLocker is required. Mobile iOS and Android devices must be encrypted using their available built-in technologies.
In the case of macOS and Windows, either BigFix or VLRE must be used to verify encryption in an ongoing way that can be centrally audited. In the case of mobile iOS and Android devices, Stanford's Mobile Device Management service must be used. For more information see Security Requirements Questions and Answers.
