Transmission Security Policy

Statement of Policy

Washington University in St. Louis (WashU) is committed to conducting university activities in compliance with all applicable laws, regulations and university policies. WashU has adopted this policy to outline the security measures required to protect electronic information systems and related equipment from unauthorized use.

Objectives

To outline practices for protecting the integrity and confidentiality of information that is transmitted, transferred to portable media and sent through messaging systems to entities outside of Washington University.

Definitions

Encryption: Rendering information unusable, unreadable, or indecipherable to unauthorized individuals.

Integrity: The accuracy and consistency of data, indicated by an absence of any unauthorized alteration during the life of a data record.

Scope

This policy applies to the transmission (Data in Motion) of protected information across public networks and portable media. Public networks include the Internet and open environments that do not require Confidentiality and Integrity of information. Portable Media include CD’s, Hard Disks, USB Memory Sticks, Smart Phones capable of Storage, etc. This policy does not apply to private lease line or dial-up phone connections including FAX transmissions.

Policy

In order to ensure the confidentiality and integrity of protected information WashU will implement technical security measures to guard against unauthorized exposure of protected information during transmission.

  1. Internal transmissions between WashU and BJC are considered secure.
  2. All transmissions of protected information across public infrastructures must either encrypt the information or encrypt the connection between the sending and the receiving entity.
  3. All transmissions of protected information across public networks must also ensure that protected information is not improperly modified without detection while in transit.

WashU Employees responsible for the transmission of Protected Information should follow the Transmission Security Guidance in publication 03.07.01 Transmission Security or request an
exception from Information Security.

Reference

Transmission Security Standards

Title: Transmission Security Policy
Version Number: 1.0
Creation Date: June 6, 2011
Applicability: Protected and Confidential
Reference Number: 03.07
Status: Final
Revision Date: July 7, 2016
Policy Owner: Information Security Office