Encryption Enforcement Expands
Whether you know it as the computer security mandate or device compliance or endpoint encryption enforcement, it is likely you've heard about it. The university established a requirement to verifiably encrypt all Windows and Mac desktops and laptops, as well as Apple and Android mobile devices, used by employees on the campus network.* Since first announcing the policy in January 2014, Stanford has made great strides to protect the data on its computing devices from misuse as a result of loss or theft. Beyond the primary goal of protecting the data, many additional data loss issues have been mitigated simply by device owners like you complying with the policy, helping Stanford avoid fines and negative publicity.
In March, we will finish rolling out automated notifications to all of campus. That means that you get an email when any of the computing devices you're using on the campus network do not appear to be compliant with the policy. We send reminders, and give you 30 days after the initial notification to make the device compliant before its network access is restricted. These notifications have already proven to be a great aid to our ongoing program to keep Stanford computing devices compliant.
In February, a new feature was added to My Devices, the web application that lets you check the compliance status of any of your computing devices that are registered on the campus network. The new feature is available for mobile devices. On the details page for your mobile device, you'll now find an Update Enrollment button. After clicking it, you can update enrollment information about your Stanford affiliation and whether your mobile device is used to access High Risk Data. Whether you're faculty, staff, or a student, keeping this information up to date is important for ensuring you have the right level of protection for the data you access or store.
* All faculty and non-student staff are required to encrypt their devices when using the Stanford network. Students and affiliates whose status is not mandated and who do not access High Risk Data with a specific device can exempt that device from the Stanford information security requirements by updating its enrollment information. Review the instructions for updating the enrollment information for each of your devices by following the instructions on the UIT website.