Harvard-managed or Harvard-purchased laptops and desktops must run Crowdstrike endpoint detection and response client. For other configuration detail, check with your...
Portable storage media, such as approved USB drives, optical and tape media must be encrypted with strong passwords and proper key management in order to store Level 4 information. If you need an approved USB drive, have questions or need help, send an email to ithelp@harvard.edu to request an information security consultation for Harvard-approved external encrypted portable storage media.
Work from materials stored on approved servers or services and do not copy them to your local system. If you are conducting field research to collect Level 4 data and cannot meet this requirement send an email to ithelp@harvard.edu to request an information security consultation for Harvard-approved external encrypted portable storage media and process.
Do not store Level 3 information on unencrypted devices. For more information on how to ensure that your personal devices are encrypted, see Personal Device Security Guides.
U15: All users of confidential Information must both acknowledge a confidentiality agreement and be appropriately trained. Information Security Awareness training for staff is available and required.
U11: Information designated Level 4 or higher must not be stored on user computing devices, including portable computing devices such as laptops, smartphones, or tablets. Level 4 information may be stored on external encrypted portable storage media.
U10: Information designated Level 3 or higher may only be used, stored or processed on servers or services (such as file sharing or collaboration services, file transfer systems, cloud-based backup and recovery services, etc.) that meet applicable Harvard data protection requirements.
