In compliance with a directive by The University of Texas System (UTS) Board of Regents, and UT System Security Practice Bulletin #1, all University of Texas at El Paso (UTEP) owned/leased laptops must be fully encrypted by August 31, 2012. As with most portable devices, laptops are at a high risk of being lost or stolen. The portability of these laptops poses a significant risk to exposure of confidential information stored on them. It is imperative that all employees know that confidential data must not be downloaded to a portable or personally-owned device without the express permission of the data Owner, and that any such data must be encrypted using Institutional ISO approved methods. Encrypting these devices will make it unfeasible for unauthorized retrieval of this information should a device be lost or stolen.
The encryption process will provide full-disk encryption by a government-certified product. What this means is that the contents of the entire hard drive will be made unreadable to unauthorized users. Please visit the following pages for more information.
The project consists of six phases; these included:
- Campus Awareness - several bulletins will be sent to all Faculty and Staff explaining the Laptop Encryption Initiative. It is extremely important that laptop users perform a full backup of any data residing on the laptop prior to August 17th. Backing up all data files will insure that data is not inadvertently lost should the system encounter a problem during encryption;
- Gather a Comprehensive and Up-to-Date Inventory of All Portable Devices Used to Conduct University Business - a survey will be sent to all Faculty and Staff to gather pertinent information on laptops (e.g., UTEP Inventory Tag Number, computer/host name, point of contact, type of Operating System, etc.);
- Build the Infrastructure - this portion of the project has been completed and is currently in service;
- Product Training and Support - training is currently underway and is being provided to all Technology Implementation Managers (TIMs), departmental administrators, technology support personnel, as well as other support personnel for assistance with password recovery, etc.;
- Manual Encryption Client Deployment - This phase of the project is currently underway. Laptops that are not currently part of the Miners domain will need to have the encryption client installed manually. Please contact your TIM or the ISO for assistance; and
- Automated Encryption Client Deployment to Miners Domain - On August 17, 2012 the encryption client will be automatically deployed to campus laptops using group policy. The policy will only affect laptops which are part of the Miners domain and have a Windows Operating Systems (e.g., Windows XP, Windows 7).
- Encryption Client Deployment
- Manual Deployment: Laptops that are not part of the Miners domain will need to have the encryption client installed manually. Please visit Encryption Client Deployment#Manual Deployment for details.
- Automated Deployment: Laptops that are part of the Miners domain will install the client via a "Computer Start-up Script". Please visit Encryption Client Deployment#Automated Deployment via Group Policy for details.
Help the University meet compliance by completing the Laptop Encryption Initiative Survey if you use a University-owned laptop.
Exemptions from the encryption requirement will be considered only in rare situations. Effective May 3, 2013, please fill out the Device Encryption Exemption Form and route to the CISO for approval. If denied, the form will be routed to the VPIR and/or the President for final disposition. Formerly, all requests were to be reviewed for approval/denial by the President and UTS and were to be reviewed on a "per laptop basis". Exemptions for labs need to list each laptop individually. To download and submit an exemption for consideration, please click on the form link: Device Encryption Exemption Form.
Frequently Asked Questions
Please visit the Laptop Encryption Frequently Asked Questions (FAQs) section. This site is frequently updated as additional information becomes available.