Skip to main content

Full Disk Encryption and Security on Personally Owned Devices

Neither UT System nor the University requires staff or faculty to use non-University owned devices to conduct University Business; and faculty and staff are encouraged not to do so. However, if faculty or staff choose to use non-University owned computers, such as a personal computer or mobile device, to conduct University business, they are responsible for ensuring that the security and integrity of the data are maintained in accordance with System security requirements. This includes the requirement to ensure that the device is encrypted pursuant to the University requirements. UT System has provided guidance on the encryption requirements for personally owned computers.

Consistent with UTS 165, all non-UT Arlington owned computers, mobile devices, USB thumb drives, or similar devices must be password protected and encrypted using methods approved by the Information Security Office if they contain any of the following types of University Data:

  1. Information made confidential by Federal or State law, regulation, or other legally binding order or agreement;
  2. Federal, State, University, or privately sponsored Research that requires confidentiality or is deemed sensitive by the funding entity; or
  3. any other Information that has been deemed by the U. T. System or a U. T. System Institution as essential to the mission or operations of System to the extent that its Integrity and security should be maintained at all times.

Full disk encryption is only required on your personal computer if you store University data on it. You are not required to encrypt your personally owned computer if:

  • you do not store University data on it
  • you always use a VPN to connect to an on-campus computer using a remote protocol like RDP to work.
  • you only access University data through web applications such as MyMav or UT Share (and you delete any temporary data that is downloaded).

Minimum Standards for Computing Devices Accessing the UT Arlington Network Remotely

In order to protect the UT Arlington network and information, all computers remotely accessing UT Arlington information resources must meet the following minimum requirements:

  1. The operating system must be updated and patched to ensure that the latest security patches have been installed.
  2. The computer must have anti-malware (antivirus) software installed and must be up-to-date with the latest scan engine and anti-malware definitions. Antivirus software must be set to perform weekly full scans.
  3. All applications (including, but not limited to, web browsers, productivity software, document readers, etc.) installed on the computer must be patched and up-to-date.
  4. All computers used to store UT Arlington data must be encrypted with full disk encryption following UT Arlington standards for encryption.
  5. All computers used to store UT Arlington data must be set up with separate user profiles and permissions in order to properly separate and protect University data. Access to University data should be restricted in a manner that will not permit unauthorized access by non-University employees (including, but not limited to, family members who are not University employees and do not have a business need to access University data. The password that is set for such profiles should conform to the University’s standard for complexity, expiration and reuse.
  6. All University data must be backed up to encrypted storage or locations that are approved by UT Arlington.

Encryption for Personal Devices

The Information Security Office recommends using the native operating system encryption tools such as BitLocker (on Windows) or FileVault2 (on Macintosh) for personal computer encryption. They are free and included with some operating systems. Instructions are provided below:

There are alternative encryption applications that you may purchase for personal use if your computer does not support native encryption. Some of these are listed here:

As always, make sure you backup all of your data to a secure location before you attempt encryption.