Missouri State University

Data at Rest/Storage

  • Confidential information is defined as data classified in levels 3-4 in the University Data Classification Levels Policy.
  • If no other option is available, and with supervisory approval, confidential information may be temporarily stored on a mobile device. Whole-device encryption must be used.
  • No confidential information is to be stored externally (e.g., to ‘cloud’ services such as SkyDrive, Dropbox, Google Docs).
  • Confidential information stored on servers must be secured:
      • Preferably, confidential information should be stored on the central secure server in Information Services.
      • Never store confidential information on the same server that contains an active Web server.
      • Monitor storage device logs regularly.
      • Use the Information Services Server Audit List for suggestions on securing servers.

Recommended Tools:

  • TrueCrypt
  • PGP Desktop
  • GPG
  • Microsoft BitLocker
  • Microsoft Encrypted File System (EFS)

References:

  • NIST SP 800-111 Guide to Storage Encryption Technologies for End User Devices
  • NIST SP 800-57 Recommendation for Key Management, section 5.6.2