USB Drives
The UF Mobile Computing and Storage Devices Standard requires that all portable storage devices be fully encrypted. We currently recommend the following hardware-encrypted devices:
- Apricorn Aegis – Multiple models in both USB stick flash drives and external hard drive form factors. Especially useful for use with specialty equipment because the passcode is entered on the device keypad and requires no drivers.
- Kingston IronKey – Multiple models in both USB stick flash drives and external hard drive form factors, with various additional features
Purchasing Drives
Drives can be purchased through various MyUF Marketplace vendors found in the Office Suppliers/Books/Computers/Electronics section of the Marketplace. If purchasing larger quantities or custom printing the UF logo, contact the suppliers directly for quotes. Supplier contact information is available on the Procurement website.
The intent of the UF policy and standard is that all storage devices will be encrypted. There are two very narrow and limited exceptions. See Exceptions for encrypting portable storage devices for more information.
“Data in any format collected, developed, maintained or managed by or on behalf of the University, or within the scope of University activities, that are subject to specific protections under federal or state law or regulations or under applicable contracts.” - UF policies on Restricted Data
Examples include, medical records, social security numbers, credit card numbers, Florida driver licenses, non-directory student records, some research protocols and export controlled technical data.
Portable, external hard drives must also be encrypted. The UF drive recommendations include multiple models of high-capacity drives. Some include passcode entry on a device keypad, rather than requiring a driver to enter the password on the attached computer. This makes them suitable for use with lab equipment and other situations in which a driver cannot be installed.
Other models are acceptable, but it must be verified that the drives are truly hardware encrypted. Many drives advertised as ‘secure’ just implement a password in software, but the data is not actually encrypted and thus is easily accessible even without the password.
Mobile computing devices purchased with University of Florida funds, including, but not limited to contracts, grants, and gifts, must be recorded in the unit’s information assets inventory. Mobile storage devices, including USB flash drives and CD or DVD media, do not need to be inventoried.
There are two exceptions included in the Mobile Computing and Storage Devices Standard that have a very limited scope:
Specific uses where no Restricted Data will be stored and encryption would interfere with the device’s intended use. Devices used in this way must be clearly marked as not for use with Restricted Data.
This exception is intended only for situations such as SD cards used in digital cameras or bootable USB drives used to install operating systems. This does not include situations in which encryption is inconvenient or adds undesired complexity.
Specific uses in which devices are used for marketing and public relations, no Restricted Data will be stored, and the intended recipient is not a member of the UF Community. Devices used in this way must be clearly marked as not for use with Restricted Data.
This exception is limited to marketing activities such as if prospective students are provided publicly available materials in an electronic form, or when team rosters are submitted to organizers of athletic events.