Important Developments in Endpoint Encryption
The endpoint encryption initiative has entered a new phase with three important developments to be announced in a campus-wide memo scheduled for October 14:
- Mobile devices: All faculty, staff and postdoc Apple and Android mobile devices used for Stanford activities on the campus network are now subject to the verifiable encryption requirement with an enforcement date of February 4, 2016 (noting that those used to access, transmit, or store High Risk Data should already be encrypted). Airwatch MDM is Stanford's mobile device security solution. We are exploring the feasibility of using the Duo mobile app as an alternative offered to those handling only Low or Moderate Risk Data.
- Individual notifications: Beginning October 15 (and initially spread over four weeks to manage the support load), weekly email notifications will be sent to any faculty, staff, or postdoc who is using a laptop, desktop, or mobile device on the campus network that does not meet the university's verifiable encryption requirements (encrypt.stanford.edu). Notifications will refer to the MyDevices portal and will list the recipient's non-compliant devices along with the remaining grace period for each. As a special case, communications to School of Medicine users who are handling High Risk Data and the enforcement of their encryption requirements will continue to be managed via AMIE.
- Network restrictions: After February 4, 2016, campus network access will be restricted for any remaining non-compliant laptop, desktop, and mobile devices. Going forward from then, any new devices (and existing devices that fall out of compliance) will have a 30-day grace period to become compliant before the network restrictions are applied.
For each device in MyDevices, you will have four options:
1. Disavowal: Indicate that the device is no longer being used.
a) Open mydevices.stanford.edu to see a list of devices and their compliance statuses.
b) Click the Remove button for that device.
c) Select the appropriate reason for removal and click the Submit button.
2. Remediation: Bring the device into compliance.
a) Open mydevices.stanford.edu to see a list of devices and their compliance statuses.
b) Click on the device's link in the Model column to open its details page.
c) Complete the specified actions in the Compliance Information section.
3. Exception: Submit an exception request for computers that cannot support encryption due to special research requirements.
a) Open encrypt.stanford.edu and use the exception link in the second paragraph.
b) Your exception request will be reviewed within one week.
4. No action:
a) Receive weekly email notifications until the device's enforcement grace period has expired.
b) Campus network access will be restricted for any device that remains non-compliant after its grace period has expired.
To learn more about Stanford's encryption program, please see encrypt.stanford.edu.
DISCLAIMER: UIT News is accurate on the publication date. We do not update information in past news items. We do make every effort to keep our service information pages up-to-date. Please search our service pages at uit.stanford.edu/search.