The UF Mobile Computing and Storage Devices Standard requires that all portable storage devices be fully encrypted. We currently recommend the following hardware-encrypted devices:
- Apricorn Aegis - Multiple models in both USB stick flash drives and external hard drive form factors. Especially useful for use with specialty equipment because the passcode is entered on the device keypad and requires no drivers.
- Kingston IronKey - Multiple models in both USB stick flash drives and external hard drive form factors, with various additional features
Drives can be purchased through various MyUF Marketplace vendors found in the Office Suppliers/Books/Computers/Electronics section of the Marketplace. If purchasing larger quantities or custom printing the UF logo, contact the suppliers directly for quotes. Supplier contact information is available on the Procurement website.
- If I won't place any Restricted data on a flash drive, and typing a password will interfere with my use by making it less convenient, can I just use an un-encrypted USB drive?
The intent of the UF policy and standard is that all storage devices will be encrypted. There are two very narrow and limited exceptions. See Exceptions for encrypting portable storage devices for more information.
- What is Restricted data?
"Data in any format collected, developed, maintained or managed by or on behalf of the University, or within the scope of University activities, that are subject to specific protections under federal or state law or regulations or under applicable contracts." - UF Policies on Restricted Data Examples include, medical records, social security numbers, credit card numbers, Florida driver licenses, non-directory student records, some research protocols and export controlled technical data.
- What about external hard drives?
Portable, external hard drives must also be encrypted. The UF drive recommendations include multiple models of high-capacity drives. Some include passcode entry on a device keypad, rather than requiring a driver to enter the password on the attached computer. This makes them suitable for use with lab equipment and other situations in which a driver cannot be installed.
- Can I use a different model of encrypted USB drive?
Other models are acceptable, but it must be verified that the drives are truly hardware encrypted. Many drives advertised as 'secure' just implement a password in software, but the data is not actually encrypted and thus is easily accessible even without the password.
- Which mobile devices are required to be inventoried?
Mobile computing devices purchased with University of Florida funds, including, but not limited to contracts, grants, and gifts, must be recorded in the unit’s information assets inventory. Mobile storage devices, including USB flash drives and CD or DVD media, do not need to be inventoried.
- What are the exceptions for encrypting portable storage devices?
There are two exceptions included in the Mobile Computing and Storage Devices Standard that have a very limited scope:
Specific uses where no Restricted Data will be stored and encryption would interfere with the device’s intended use. Devices used in this way must be clearly marked as not for use with Restricted Data.
This exception is intended only for situations such as SD cards used in digital cameras or bootable USB drives used to install operating systems. This does not include situations in which encryption is inconvenient or adds undesired complexity.
Specific uses in which devices are used for marketing and public relations, no Restricted Data will be stored, and the intended recipient is not a member of the UF Community. Devices used in this way must be clearly marked as not for use with Restricted Data.
This exception is limited to marketing activities such as if prospective students are provided publicly available materials in an electronic form, or when team rosters are submitted to organizers of athletic events.