Skip to main content

Information Security Office

Encryption Compliance Calculation

Encryption Compliance Status

Status of a department's encryption compliance can be reviewed by the department's Information Security Associate (ISA), Desktop Support Associate (DSA) or other authorized users by logging onto the ISO's isobridge web site at  If an ISA or DSA user needs access contact the ISO at, for other authorized users please have the department head send an email to asking for access.

Devices considered in the compliance calculations (see the Full disk Encryption page for details)

  • Laptops: All university owned laptops must be encrypted. Devices that may be tablets, but run a typical laptop operating system, are considered to be a laptop for compliance calculations (ie the Dell Surface Pro tablets run Windows OS).

  • Desktops: All University owned desktops purchased after September 1, 2013, any identified by the department head as being high risk, and any OIT reimaged desktops must be encrypted.

  • Mobile Devices: All university owned mobile devices (non-Windows OS tablets, phones, etc).

  • Note: personal devices of users that have permission to store University data must meet the same security configuration specifications. (See Personal Full Disk Encryption)

  • Encryption Exceptions: Encryption Exception Request may be made by sending "Form 18-1 Computing Device Encryption Exception Request" located in the HOP to the ISO at

Sources of Encryption Status Used

  • SecureDoc: SecureDoc is the primary method for encrypting most computer assets. Encryption status is currently being uploaded to the compliance site 3 times a day, Monday – Friday.

  • Jamf/FileVault 2: – Apple Macs can now be managed by Jamf and encrypted using the native FileVault 2 encryption. Encryption Status is reported to Jamf once a week, or upon the next logon on after a week. The Jamf status will be uploaded to the compliance site twice a month.

  • Key Ring/Apple Ring: Internally developed key management applications that will allow the use of native bitlocker encryption for windows devices, and FileVault2 encryption for Apple devices that will safely escrow encryption keys. These applications were developed as a temporary solution to allow for encryption of devices that could not be encrypted using SecureDoc. Key Ring and Apple Ring managed devices report automatically to the compliance site.

  • Encryption Exceptions:  Approved Encryption Exceptions are recorded in compliance site, and are considered compliant if all risk mitigation requirements are met. (ie cable locks, DeepFreeze if required).  Exceptions will be set to expire after 1 year, upon which they will need to be reviewed.

  • DeepFreeze: used as a mitigation method for approved exceptions to the encryption compliance. Deep Freeze status will be uploaded to the compliance site twice a month.

  • Airwatch MDM Solution:  Approved method to protect university owned devices.  Compliance statistics will be uploaded to the site on a weekly basis.

Encryption Compliance Calculations

Encryption Compliance is calculated using the number of machines required to be encrypted in the department AND any children departments.  To be considered compliant, the device must be encrypted using one of the authorized methods or have a valid approved encryption exception, and must have reported into the encryption management system within 120 days.

  • Desktop compliance is calculated using the formula "(number of compliant in scope desktop devices + number of compliant unknown form factor devices) / (total number in scope desktop devices + total number unknown form factor devices)"

  • Laptop compliance is calculated using the formula "number of compliant laptop devices / total number laptop devices"

  • Mobile Device compliance is calculated using the formula "number of compliant mobile devices / total number mobile devices"

  • Total compliance is calculated using the formula "(number of compliant in scope Desktops + unknown form factor devices + compliant laptop devices) / (total number of in scope desktops + total number of unknown form factor devices + total number of laptop devices)."  When the Mobile Device Management application is live, the results from the MDM product will also be included in the total compliance calculation.

  • Note that Non High Risk/Out of Scope Devices and Missing/Stolen/Surplused Devices are not included in the compliance calculations.