Encryption Guidelines


For Level 3 Highly Sensitive Institutional Data Stored on Mobile Devices and External Network Transport:

Federal Information Processing Standards (FIPS) compliant encryption is recommended for level 3 highly sensitive data stored on disk and level 3 highly sensitive data transported off campus over a network. The Information Security and Policy Office is available to determine if specific encryption software is acceptable.


Either full disk or folder encryption is required for level 3 highly sensitive data stored on mobile devices.

Advanced Encryption Standard (AES) with a 128-bit key or longer is suggested for disk encryption. To prevent data loss, a key management system is strongly recommended. Key management systems should provide secure key storage, distribution, revocation, recovery and escrow. Passwords protecting encryption keys must be complex and at least 15 characters long. Encryption software and support recommendations will follow shortly.


Encryption is required for external network transport of level 3 highly sensitive data.

External network transport is defined as network communications originating from or destined to a host outside of the University of Iowa managed network, or over any public network. External network transport of Level 3 highly sensitive data must be encrypted from source to destination and authenticated using Secure Sockets Layer (SSL), Transport Layer Security (TLS), Secure Shell (SSH), Internet Protocol Security (IPsec), or another industry-standard secure communications protocol. Plaintext-based protocols are specifically prohibited for external network transport of Level 3 highly sensitive data. Level 3 highly sensitive data should not be sent via e-mail. Encrypted transport must be authenticated with a certificate, username and password, or pre-shared key. Pre-shared keys should be at least 64 characters long.
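The requirements above (an approved encrypted protocol, certificate-based authentication of the transport, and minimum lengths for pre-shared keys and key-protecting passwords) can be turned into checks that a practitioner runs before a transfer is configured. The following is an added example, not code from the University of Iowa or the Information Security and Policy Office. It assumes a concrete set of encrypted and plaintext URL schemes (the page lists protocol families, not schemes), a TLS 1.2 floor (the page permits SSL/TLS generally), and a password complexity rule of at least three character classes (the page says only "complex").

```python
import re
import ssl
from urllib.parse import urlparse

# Schemes built on the protocols the guideline names (TLS/SSL, SSH, IPsec).
# Assumption: this mapping from protocol family to URL scheme is ours.
ENCRYPTED_SCHEMES = {"https", "ssh", "sftp", "scp", "ftps", "ldaps", "ipsec"}

# Plaintext-based protocols. Constructed list; the page prohibits the
# category without enumerating it.
PLAINTEXT_SCHEMES = {"http", "ftp", "telnet", "smtp", "ldap", "rsh"}


def classify_transport(url):
    """Classify a transport URL against the external-transport rule.

    Returns 'allowed' for an approved encrypted scheme, 'prohibited' for a
    plaintext scheme, and 'review' for anything else (an unlisted protocol
    has to be judged as "other industry standard" by the security office).
    """
    scheme = urlparse(url).scheme.lower()
    if scheme in ENCRYPTED_SCHEMES:
        return "allowed"
    if scheme in PLAINTEXT_SCHEMES:
        return "prohibited"
    return "review"


def build_transport_context(ca_file=None):
    """Build a TLS client context that is both encrypted and authenticated.

    Certificate verification and hostname checking are mandatory so that the
    remote end is authenticated, not merely encrypted to. The TLS 1.2 floor
    is an assumption layered on top of the guideline.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_is_compliant(ctx):
    """True when a context still authenticates the peer with a certificate."""
    return (
        ctx.verify_mode == ssl.CERT_REQUIRED
        and ctx.check_hostname
        and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    )


def check_shared_secret(secret, kind):
    """Apply the guideline's length rules to a PSK or key-protecting password.

    'psk'      -> at least 64 characters.
    'password' -> at least 15 characters and complex; complexity is taken
                  here (assumption) to mean three of four character classes.
    """
    if kind == "psk":
        return len(secret) >= 64
    if kind == "password":
        classes = sum(
            bool(re.search(pattern, secret))
            for pattern in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
        )
        return len(secret) >= 15 and classes >= 3
    raise ValueError("kind must be 'psk' or 'password'")


if __name__ == "__main__":
    # Constructed sample inputs.
    for url in ("https://data.example.edu/export", "ftp://data.example.edu/export",
                "sftp://data.example.edu/export", "xmpp://chat.example.edu"):
        print(url, "->", classify_transport(url))
    print("TLS context compliant:", context_is_compliant(build_transport_context()))
    print("PSK of 64 chars ok:", check_shared_secret("k" * 64, "psk"))
    print("Short password ok:", check_shared_secret("Short1!", "password"))
```

`classify_transport` deliberately returns `review` rather than `allowed` for an unrecognised scheme, mirroring the page's instruction that the Information Security and Policy Office decides whether a given product or protocol is acceptable.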


Please visit the Encryption Support Center for more information.