[Download MS Word Viewer here]

The most reliable way to protect the university's sensitive, protected electronic information is to avoid handling it in the first place. Sensitive university information should be retained or handled only when required. Encryption can be an effective information protection control when it is necessary to possess sensitive university data.

You should understand that data encryption is not a substitute for other information protection controls, such as access control, authentication, or authorization; that data encryption should be used in conjunction with those other controls; and that data encryption implementations should be proportional to the protection needs of the data.

These guidelines serve as supplements to the CSU ICSUAM security policies, and were drafted to better assure the Confidentiality, Integrity and Availability of the university's information. The objective of these guidelines is to provide guidance in understanding encryption and the myriad complexities which might arise in its use.