Encryption Standard


Purpose 

To ensure that university data is appropriately encrypted to prevent access by unauthorized individuals. 


Scope 

This policy applies to all workstations and servers that store, process, or transmit university data. 


Standard 

Encryption types 

Data-at-rest encryption is a control designed to protect information stored on a system.  Data-in-transit encryption is a control designed to protect information traveling between two or more systems. 

University-provided workstations 

All university-provided workstations, regardless of their data classification, are required to run data-at-rest encryption software provided by Information Technology Services.  The specific products currently in use are provided in the Appendix. 

University servers 

All Sensitive servers and Restricted servers are required to use data-in-transit encryption. All Restricted servers are additionally required to use data-at-rest encryption. The specific products currently in use are provided in the Appendix. System administrators who plan to use a product not listed in the Appendix must discuss their planned encryption solution with the Chief Information Security Officer prior to implementation.

Exceptions 

All exceptions to this standard require written approval from the Chief Information Security Officer.  All exceptions require annual renewal. 


Appendix  

Encryption software – Windows workstations and servers 

All Windows workstations must run Microsoft BitLocker and be configured to report their encryption status through the university-maintained Intune service.

Encryption software – Apple workstations 

All Apple workstations must run Apple FileVault and be configured to report their encryption status through the university-maintained JAMF service. 

Data-in-transit encryption 

Data-in-transit encryption should be certificate-based whenever possible. Certificates should be obtained from ITS or from Let’s Encrypt, and purchased from a third-party certificate authority only if neither of those options can be used. If certificate-based encryption is not an option, encrypting the individual files being sent or received with PGP or GPG is acceptable.


Revision History 

August 2024 – Standard adopted