U12: Confidential information in any form must be appropriately protected.

U8: All devices (including desktops, laptops and mobile devices such as smartphones and tablets) storing or processing confidential information must meet Harvard device protection requirements.

See User Device Requirements.

D3: Operating system and application patches must be applied promptly.

Note: Enforcement of configurations for personally-managed devices will be phased in, beginning with alerts of non-compliance and grace periods to resolve detected gaps.
D1: All devices connecting to or installed on a non-guest Harvard network or authenticating to Harvard applications must be configured for secure operation, including non-default unique passwords/credentials that limit access to authorized individuals and services, proper registration of the device on the network, current and supported operating system (firmware and software), regular updates and...

D2: The information stored on the device must be protected against access if the device is lost, stolen, or recycled/reissued to another user. All mobile devices (laptops, mobile phones, etc.) and workstations that may be used to store or access Harvard information, including accessing Harvard email, must be securely configured, including encryption of data stored on the device, where this feature is supported.