The Vice President for Strategic Operations oversees this policy. Information Technology Services (ITS) is responsible for monitoring compliance with the policy and taking any necessary corrective action.
The primary purpose of this policy is to protect restricted data, as defined by the Data Classification Policy, by limiting the use of encryption to those algorithms that have received substantial public review and have been proven to work effectively while setting standards for all use of encryption, and to identify federal exportation regulations regarding encryption technologies.
Minimum Encryption Standards and Encryption Key Management Standards are associated with this policy. Related policies, standards and guidelines may be maintained internally by Information Technology Services.
The university regards any violation of this policy as a serious offense. Violators of this policy are subject to disciplinary action, in addition to possible cancellation of IT resources and systems access privileges. Users of IT resources and systems at Longwood are subject to all applicable local, state and federal statutes. This policy does not preclude prosecution of criminal and civil cases under relevant local, state, federal and international laws and regulations.
Approved by the Board of Visitors, March 20, 2004.
Revised, April 1, 2005.
Revised and approved by the Board of Visitors, September 15, 2006.
Revised and approved by the Board of Visitors, September 12, 2008.
Revised and approved by the Board of Visitors, March 27, 2009.
Revised and approved by the Board of Visitors, March 25, 2011.
Revised and approved by the Board of Visitors, September 14, 2012.
Revised and approved by the Board of Visitors, June 11, 2021.