Question OPDC-08
Does your system employ encryption technologies when transmitting sensitive information over TCP/IP networks (e.g., SSH, SSL/TLS, VPN), such as system-to-system and system-to-client?
| Weight | 40 |
| High Risk | Yes |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
Include all types of encryption; remote-access, application/database, end-user-to-system, etc.
Answering "YES"
Include all types of encryption; remote-access, application/database, end-user-to-system, etc.
Reason for Question
The need for encryption in transport is unique to your institution's implementation of a system. In particular, system components, architectures, and data flows all factor into the need for this control. Ensure that vendor responses cover encryption between the hosts within their system; this is the important piece that follows-up on OPDC-05.
Follow-Up Inquiries
Follow-up inquiries for data encryption within the system components (and end-users) will be institution/implementation specific.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]