Requirements
The following are the minimum security requirements that must be followed for each DCL.
Click to expand all categories.
Portable Storage Devices
|
|
Level 1:
Public Data
Device must be physically secured at all times.
Report lost or stolen devices that are used for work purposes, regardless of ownership, to the appropriate ISO per the Mandatory Reporting Requirement.
|
Level 2:
Sensitive Data
Must comply with DCL1 requirements.
Device encryption or password protection for files stored on the storage device is recommended.
|
Level 3:
Restricted Data
Must comply with DCL1 and DCL2 requirements.
|
Level 4: Highly
Restricted Data
Must comply with DCL1, DCL2 and DCL3 requirements.
Device encryption required.
|
|
Levels 1-4:
All portable storage devices that are surplused or otherwise disposed of must follow University surplus property and data disposal policies.
|
|
Levels 1-4:
Personally-owned portable storage devices used for University business must be managed according to the same standards as University-issued devices.
|
|
Levels 1-4:
Review and follow the Information Security Travel Standard when traveling with a portable storage device.
|