
How to Maintain Encryption Compliance

How to Maintain Full Disk Encryption Compliance

The status of a department's encryption compliance can be reviewed by the department's Information Security Administrator (ISA), Desktop Support Associate (DSA) or other authorized users by logging on to the ISO's isobridge web site at https://isobridge.uta.edu. If an ISA or DSA needs access, contact the ISO at security@uta.edu; for other authorized users, please have the department head send an email to security@uta.edu asking for access.

Devices considered in the compliance calculations (see the Full Disk Encryption page for details)

  • Laptops: All university owned laptops must be encrypted. Devices that may be tablets, but run a typical laptop operating system, are considered to be laptops for compliance calculations (i.e. the Dell Surface Pro tablets run Windows OS).

  • Desktops: All University owned desktops purchased after September 1, 2013, any identified by the department head as being high risk, and any OIT reimaged desktops must be encrypted.

  • Mobile Devices: All university owned mobile devices (non-Windows OS tablets, phones, etc).

  • Note: personal devices of users that have permission to store University data must meet the same security configuration specifications. (See Personal Full Disk Encryption)

  • Encryption Exceptions: An Encryption Exception Request may be made by sending "Form 18-1 Computing Device Encryption Exception Request", located in the HOP, to the ISO at security@uta.edu.

Approved Methods of Encryption

  • SecureDoc: SecureDoc is the primary method for encrypting most computer assets. Encryption status is currently being uploaded to the https://isobridge.uta.edu compliance site 3 times a day, Monday – Friday.

  • Jamf/FileVault 2: Apple Macs can now be managed by Jamf and encrypted using the native FileVault 2 encryption. Encryption status is reported to Jamf once a week, or upon the next logon after a week. The Jamf status will be uploaded to the https://isobridge.uta.edu compliance site twice a month.

  • Key Ring/Apple Ring: Internally developed key management applications that allow the use of native BitLocker encryption for Windows devices, and FileVault 2 encryption for Apple devices, and that safely escrow encryption keys. These applications were developed as a temporary solution to allow for encryption of devices that could not be encrypted using SecureDoc. Key Ring and Apple Ring managed devices report automatically to the https://isobridge.uta.edu compliance site.

  • Encryption Exceptions: Approved Encryption Exceptions are recorded in the https://isobridge.uta.edu compliance site, and are considered compliant if all risk mitigation requirements are met (i.e. cable locks, DeepFreeze if required). Exceptions will be set to expire after 1 year, upon which they will need to be reviewed.

  • Airwatch MDM Solution:  Approved method to protect university owned devices.  Compliance statistics will be uploaded to the https://isobridge.uta.edu site on a weekly basis.

  • For exceptions - DeepFreeze: DeepFreeze is used as a mitigation method for approved exceptions to the encryption compliance, as it is designed to prevent the storage of data. DeepFreeze status will be uploaded to the https://isobridge.uta.edu compliance site twice a month.

How to maintain compliance

Encryption compliance requires devices to "check in" at least once every 120 days.  This is to show that they are still active devices and are still encrypted. For details on how compliance is calculated see the Encryption Compliance Calculation page.
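The scope, exception and check-in rules stated on this page, written out as an added example; it is not the ISO's compliance calculation (that is on the Encryption Compliance Calculation page) and not UTA code. The record layout, status strings and sample inventory are constructed, and reporting an expired exception as its own status is an assumption.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

CHECK_IN_WINDOW = timedelta(days=120)  # page: check in at least once every 120 days
DESKTOP_CUTOFF = date(2013, 9, 1)      # page: desktops purchased after this date

@dataclass
class Device:  # hypothetical record layout, not the isobridge schema
    name: str
    kind: str                          # "laptop", "desktop" or "mobile"
    purchased: date
    encrypted: bool = False            # state reported at the last check-in
    last_check_in: Optional[date] = None
    high_risk: bool = False            # identified by the department head
    oit_reimaged: bool = False
    exception_expires: Optional[date] = None
    mitigations_met: bool = False      # e.g. cable lock, DeepFreeze if required

def in_scope(d: Device) -> bool:
    if d.kind in ("laptop", "mobile"):
        return True
    return d.purchased > DESKTOP_CUTOFF or d.high_risk or d.oit_reimaged

def status(d: Device, today: date) -> str:
    if not in_scope(d):
        return "out of scope"
    if d.exception_expires is not None:
        if d.exception_expires <= today:
            return "exception expired"  # assumption: flagged for review
        return "compliant (exception)" if d.mitigations_met else "mitigation missing"
    if d.last_check_in is None or today - d.last_check_in > CHECK_IN_WINDOW:
        return "check-in overdue"
    return "compliant" if d.encrypted else "not encrypted"

# Constructed sample inventory (not real UTA data).
FLEET = [
    Device("lt-01", "laptop", date(2012, 5, 1), True, date(2024, 1, 10)),
    Device("lt-02", "laptop", date(2020, 3, 1), True, date(2023, 9, 1)),
    Device("dt-01", "desktop", date(2012, 5, 1)),
    Device("dt-02", "desktop", date(2012, 5, 1), oit_reimaged=True),
    Device("dt-03", "desktop", date(2019, 8, 1),
           exception_expires=date(2024, 6, 1), mitigations_met=True),
]

def report(today: date) -> dict:
    return {d.name: status(d, today) for d in FLEET}

if __name__ == "__main__":
    for name, result in report(date(2024, 3, 1)).items():
        print(f"{name}: {result}")
```
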

Listed below are ways to ensure your devices regularly check in, based on device and encryption type.

Windows Desktops or Laptops Running SecureDoc

1. Best results are obtained by regularly connecting the unit to the campus wired Ethernet with wireless disabled.
2. Go to the task bar and right-click the SecureDoc icon.
3. Select "communicate with server".
4. Wait for a pop-up message stating "SecureDoc communicated to Server successfully".

Apple Macintosh Computers Using FileVault2 with JAMF

1. Best results are obtained by regularly connecting the unit to the campus wired Ethernet with wireless disabled.
2. Power up the unit and log in.
3. Leave the unit plugged in for an hour.

Apple Macintosh Computers Running SecureDoc

1. Best results are obtained by regularly connecting the unit to the campus wired Ethernet with wireless disabled.
2. Locate the SecureDoc icon for the SecureDoc Control Center, a rectangular icon with a key that should be available on the upper right-hand side of your Status Menu bar.
3. Right-click the icon.
4. Select "communicate with server".
5. Wait for a pop-up message stating "SecureDoc communicated to Server successfully".

OSA Encrypted Computers

1. After making sure that the computer is connected to a network, power off the computer, then power it on.
2. Log on past the SecureDoc login screen.

Windows BitLocker Encrypted Devices using KeyRing Key Escrowing

1. These devices require SCCM to be installed for reporting compliance.
2. Best results are obtained by regularly connecting the unit to the campus wired Ethernet with wireless disabled.
3. Power up the unit and log in.
4. Leave the unit plugged in for an hour.

Devices Not on Campus

1. Users will need to VPN into UT Arlington’s network to allow communication as described above.
2. Description: Cisco VPN AnyConnect client is used to connect to UTA VPN on most platforms, including 64-bit operating systems.
3. How to Get: Click on the link to sign in with your UTA NetID and Password and begin installation.
Direct link: https://vpn.uta.edu
4. How to Use:
  • Browse to https://vpn.uta.edu from an off-campus network connection.
  • Enter your NetID (in all lower case letters) and Password. You may need to put uta\ in front of your NetID.
  • Follow the on-screen instructions.