- Confidential information is defined as data classified in levels 3-4 in the University Data Classification Levels Policy.
- If no other option is available, and with supervisory approval, confidential information may be temporarily stored on a mobile device. Whole device encryption must be used.
- No confidential information is to be stored externally (e.g., to ‘cloud’ services such as SkyDrive, Dropbox, Google Docs).
- Confidential information stored on servers must be secured:
- Preferably, confidential information should be stored on the central secure server in Information Services.
- Never store confidential information on the same server that contains an active Web server
- Monitor storage device logs regularly.
- Use Information Services Server Audit List for suggestions on securing servers.
- If Export Controls (devices and data leaving the U. S.) may be involved, contact the Director of Research Compliance
- PGP Desktop
- Microsoft BitLocker
- Microsoft Encrypted File System (EFS)
- NIST SP 800–111 Guide to Storage Encryption Technologies for End User Devices
- NIST SP 800-57 Recommendation for Key Management, section 5.6.2