Question HLDA-03
Is sensitive data encrypted, using secure protocols/algorithms, in storage? (e.g., disk encryption, at-rest, files, and within a running database)
| Weight | 20 |
| High Risk | No |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
Describe why sensitive data is not encrypted in storage.
Answering "YES"
Summarize your data encryption strategy and state what encryption options are available.
Reason for Question
The need for encryption at rest is unique to your institution's implementation of a system. In particular, system components, architectures, and data flows all factor into the need for this control.
Follow-Up Inquiries
Follow-up inquiries for data encryption at-rest will be institution/implementation specific.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]