Skip to content Skip to navigation

Endpoint Compliance

Endpoint Compliance

Stanford's data needs protection wherever it goes. University computing equipment and other endpoint devices used for sensitive Stanford business must be configured to provide that protection.

Endpoint Encryption Requirements

  • All University employees, including faculty and staff, must comply.
  • All Stanford-owned laptops and desktops must be encrypted. All personally-owned laptops and desktops on the Stanford network must be encrypted.
  • All endpoints that store, process or transmit High Risk Data — including Protected Health Information (PHI) — must be managed by BigFix or Mobile Device Management (MDM) and encrypted.
  • All devices must have operating systems that are supported by the vendor with security updates. This requirement is suspended for devices that manage scientific instruments or run unique software applications that cannot be easily upgraded.
  • Endpoint management must be accomplished via BigFix or Mobile Device Management (MDM).
  • These are minimum requirements for all of Stanford. Any additional requirements of individual departments or organizations also apply.

How do I comply?

The university provides Mobile Device Management (MDM) for smartphones and tablets and Stanford Whole Disk Encryption (SWDE) for laptop and desktop computers. If your device is subject to the rules and is on a supported platform, compliance is required.

Device Management and Encryption Requirements by Platform

Operating System Compliance Required Recommended Action
Windows Yes SWDE for Windows
Mac OS X Yes SWDE for Mac
Linux Temporarily Exempt * Do not store High Risk Data without a formal exception.
iOS Required for High Risk Data. Recommended for all. Mobile Device Management (MDM)
Android Required for High Risk Data. Recommended for all. Mobile Device Management (MDM)
Blackberry Temporarily Exempt * Do not store High Risk Data without a formal exception.
Windows Phone Temporarily Exempt * Do not store High Risk Data without a formal exception.

*See the section on compliance exceptions for more information about exempt devices.

Consult your department's IT support for any additional requirements. For example, in the School of Medicine see the school's Data Security web site.

For specialized cases, encryption without management is available using VLRE.

Compliance Exceptions

Endpoints that are critical to Stanford business but that cannot comply with these rules (such as dedicated instrument systems) must follow a formal exception process, and suitable compensating controls should be implemented. Request a compliance exception.

Local Computer Support

School Support

Unit Website Help
Graduate School of Business IT Service Desk Submit help request
Graduate School of Education Office of Innovation & Technology Submit help request
School of Earth, Energy, and Environmental Sciences Computing Resources Submit help request
School of Engineering IT Support Desk Submit help request
School of Humanities and Sciences Information Technology at Dean's Office Submit help request
School of Law Office of Information Technology Contact us
School of Medicine Med IRT Submit help request

General Computing Support

Back to top