Encryption used to protect critical business information must be in accordance with Worcester State cryptographic standards and practices.
Encryption will be used to greatly increase the level of effort and difficulty for unauthorized users to gain access to sensitive or confidential data.
Users must verify that encrypted information can be decrypted before deleting the original, clear text data. Data recovery encryption key escrow must be performed in accordance with processes approved by the Data Security Officer.
Users are strongly encouraged to store private and/or highly sensitive data in an approved Worcester State University enterprise database. Private and/or highly sensitive data must be encrypted if it does not reside in an approved Worcester State University enterprise database. Data encryption must occur in real time.
Users are encouraged to store encrypted volumes on a secure network location.
Key size shall not be less than the minimum standard established by University Technology Services.
- BitLocker is free and included with Vista and Windows 7.
- BitLocker is easy to use, integrates with ADS, and uses the current WSU Network password schema already in place (NB: there is no need for a separate password). BitLocker enables UTS to reset the encryption password as needed with no data loss.
- Full disk encryption must be installed and configured by UTS.
- BitLocker would require that computers be upgradeable to Vista/Windows 7. UTS is ready to make this move on the designated units. If a unit cannot be upgraded to Vista, UTS will use TrueCrypt.
- TrueCrypt is not integrated with ADS; users are obligated to remember their disk encryption password. If a TrueCrypt password is lost, the unit will be reimaged. To avoid this, users are encouraged to escrow their encryption password with UTS.
Approved By: Managers and CIO
Date of Origination: 5/9/2008
Last Review: 4.10.2012