Statement

The University information system implements cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Applicability

This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.

Implementation

• Encryption requirements for information storage devices and data transmissions, as well as specific requirements for portable devices, removable media, and encryption key standards and management shall be based on documented WTAMU risk management decisions.
• Confidential information that is transmitted over a public network (e.g., the Internet) must be encrypted.
• Confidential information stored in a public location that is directly accessible without compensating controls in place (e.g., FTP without access control) must be encrypted.
• Confidential information must be encrypted if copied to, or stored on, a portable computing device, removable media, or a non-WTAMU owned computing device.
• The minimum algorithm strength for protecting confidential information is a 128-bit encryption algorithm, subject to WTAMU risk management decisions justified and documented in accordance with 1 Texas Administrative Code Sections 202.71(c) and 202.75.