The School of Medicine and Public Health (SMPH) is committed to maintaining the privacy, confidentiality, and security of university-owned data. This policy supports a comprehensive governance, risk, and compliance (GRC) program and is intended to be consistent with information security best practices associated with organizational information security management. The purpose of this policy is to set forth requirements and expectations related to, and in support of, information system data encryption.
This policy applies to all SMPH departments, centers, and institutes.
This policy establishes requirements for the controls and processes needed to implement effective encryption methodologies while ensuring the confidentiality, integrity, and availability of departmental and SMPH information systems and university-owned data. This policy maintains that:
45 C.F.R. § 164.308 Administrative safeguards
45 C.F.R. § 164.310 Physical safeguards
45 C.F.R. § 164.312 Technical safeguards
45 C.F.R. § 164.314 Organizational requirements
45 C.F.R. § 164.316 Policies and procedures and documentation requirements
FIPS 140-3 Security Requirements for Cryptographic Modules
NIST SP 800-57 Part 1 Rev. 5, Recommendation for Key Management: Part 1 – General
NIST SP 800-131A Rev. 2, Transitioning the Use of Cryptographic Algorithms and Key Lengths
UWS Administrative Procedure 1031.B: Information Security: Data Protections
UWS Policy 1000: Information Security: General Terms and Definitions
01-14-2020, 08-26-2019, 12-20-2021