Please report any problems to the Shared Tools Team at st-help@doit.wisc.edu    Broken Links? Missing Macros? WIKI Retiring Plugins
Child pages
  • Encryption Subcommittee Description
Skip to end of metadata
Go to start of metadata

File Created

Encryption Subcommittee Description-2018-03-07.docx

Mar 09, 2018 14:08

Encryption Subcommittee

of the Policy Planning and Analysis Team

Purpose

The purpose of the Encryption Subcommittee of the Policy Planning and Analysis Team (PAT) is to make recommendations on how to bring UW-Madison IT policy into alignment with the encryption requirements embedded in  UW System Administrative Procedure 1031B Information Security: Data Protections . The UW-Madison Storage and Encryption Policy and Standard are the current UW-Madison IT policy documents that most directly address the topic.

Organization and Reporting

The Subcommittee is commissioned by the PAT Executive Committee (PAT EC) as described in the PAT Charter . The PAT EC serves as the sponsor of the the Subcommittee, and will advise the Subcommittee as needed.  The Subcommittee reports to the PAT EC, which will comment on and pass the Subcommittee’s recommendations to the PAT, and from there onward to the Office of Cybersecurity ,  the UW-Madison Information Security Team (UW-MIST), the Office of the CIO , and the appropriate IT Governance groups.

Scope

The Subcommittee :

  1. should make recommendations on how UW-Madison should implement the encryption requirements of the UW System policy. This should include recommendations about the UW-Madison Storage and Encryption Policy and Standard.
  2. should make recommendations for the storage and transmission use cases where encryption is a high priority, (i.e. higher priority than routine administrative work.)  For each use case, indicate examples of various encryption solutions that are applicable.
  3. Make any additional recommendations such as additional use cases and example solutions that could apply at moderate priority.

Out-of-Scope

The Subcommittee :

  1. should not write or revise the text of UW-Madison IT policies and related documents. The IT Policy Process will be used to create or revise IT policy documents.
  2. should not recommend specific encryption solutions. Citing examples to illustrate the types of solutions is sufficient. The UW purchasing procedures will be used when it is necessary to select and purchase specific solutions.

Timeframe

  1. The Subcommittee should deliver a preliminary report by May 11 th , including sufficient detail to assist in documenting any necessary compensating controls related to the UW System policy.
  2. The Subcommittee should deliver a report by July 13 th , including policy recommendations and a list of use cases.

  • No labels