What is the potential waiver process for exempting a laptop or tablet from using encryption software?
Fill out and sign the laptop encryption waiver form (see an example) (DOC-63KB). The waiver must be approved by the registry’s information systems security officer. • Describe why implementing the policy is not feasible or technically possible while supporting the scientific mission or business function. • Confirm the laptop or tablet does not, and will not, access or store PII or sensitive data. If it does store PII or sensitive data, additional compensating controls may be required. • Describe the technical, operational, and management security controls which offset the risk of not implementing this policy; for example, the machine is not portable and is attached securely to an instrument or bench with a cable lock. • List the machine’s location, serial number, and registry decal number.
Fill out and sign the laptop encryption waiver form. The waiver must be approved by the registry’s information systems security officer. • Describe why implementing the policy is not feasible or technically possible while supporting the scientific mission or business function. • Confirm the laptop or tablet does not, and will not, access or store PII or sensitive data. If it does store PII or sensitive data, additional compensating controls may be required. • Describe the technical, operational, and management security controls which offset the risk of not implementing this policy; for example, the machine is not portable and is attached securely to an instrument or bench with a cable lock. • List the machine’s location, serial number, and registry decal number.
