Interim Policy: Use of University Issued Computing Devices When Traveling Internationally
The following policy outlines required practices for faculty, staff, students, and other university-affiliated individuals who travel internationally. The intention of this policy is to safeguard university data, comply with applicable federal regulations, protect the integrity of NJIT’s digital infrastructure and protect the campus community.
Policy Statement
Due to elevated threats of surveillance, device compromise, and data exfiltration, individuals are prohibited from using their NJIT-issued computing device(s) and NJIT-issued mobile phone(s) while traveling internationally. In addition, it is recommended that individuals not bring their personal computing device(s) or personal mobile phone(s) when traveling to high risk cyber destinations.
For University-sponsored travel, individuals may request a specially prepared loaner device from the Information Services and Technology (IST) Division. These loaner devices are configured to reduce security vulnerabilities by limiting what applications are available, restricting local data storage, and incorporating enhanced security features.
Additionally, NJIT community members who conduct research are responsible for ensuring compliance with U.S. export control and sanctions laws and regulations, including regulations concerning the international transport of encryption technologies and other restricted items, as well as the provision of “goods” and “services” for certain destinations and restricted parties.
Purpose
NJIT is committed to protecting the availability and integrity of our data and systems. International travel can increase the risk of device compromise as well as legal or regulatory exposure for individuals carrying electronic devices abroad. Traveling with a loaner device will limit exposure to restricted, sensitive, or internal data.
In addition to safeguarding institutional data, this policy establishes clear guidelines that will minimize personal risk to employees who may be subject to inspection, confiscation, or digital intrusion while traveling internationally.
Applicability
This applies to anyone using an NJIT issued computing device. This includes, but is not limited to, faculty, staff, and students and other university-affiliated individuals who travel internationally. This policy applies to both University-sponsored and personal travel.
Policy
Effective immediately, and until further notice, NJIT faculty, staff, and students will refrain from traveling internationally while in possession of their NJIT issued computing device(s) and/or NJIT-issued mobile phone(s). In addition, it is recommended that individuals not bring their personal computing device(s) or personal mobile phone(s) when traveling to high risk cyber destinations. This policy applies to University sponsored travel as well as personal travel.
NJIT community members who will be traveling internationally for university sponsored travel are able to request a loaner device. Loaner devices will not be available for faculty, staff, and students who are traveling for personal travel. The exception to this will be employees who may need to conduct NJIT business while traveling.
Employees whose duties involve regular international travel may be granted exceptions by their Vice President.
Regardless of device ownership, employees who need to conduct official business when traveling internationally must use the NJIT Virtual Private Network (VPN). Public or shared computers should not be used to access NJIT systems under any circumstance.
Additionally, NJIT community members who conduct research are responsible for ensuring compliance with U.S. export control, sanctions laws, and regulations, including regulations concerning the international transport of encryption technologies and other restricted items, as well as the provision of “goods” and “services” to certain destinations and restricted parties. Prior to departure, individuals should consult with the Office of Research to determine whether specific technologies, data, goods, or services require special licensing or disclosure.
Failure to comply with this policy may result in disciplinary action and could expose NJIT to legal and reputational risk. Questions regarding this policy or requests for loaner devices should be directed to the IST Division through the IST Service Desk.
Process
Under the direction of the Vice President for Digital Strategy and Chief Information Officer, this policy will be administered by the Information Services and Technology division with support from the Office of the Provost, the Office of Research, and the Office of Human Resources.
Definitions
- High Risk Cyber Destinations: Destinations that present an enhanced degree of cyber risk. This list is subject to change based on updated risk assessments, federal advisories, or changes in international conditions. For the interim policy this list includes Belarus, China, Iran, North Korea, Palestinian Territories, Russia, Syria, Ukraine, and the United Arab Emirates.
- International Travel: Any travel outside the territorial boundaries of the United States and its territories. This includes travel to foreign countries for any duration and for any purpose, whether University-sponsored or personal.
- Loaner Device: Laptops or mobile phones that will be provided for international travel; these devices will have limited applications available as well as restrictions on local data storage.
- NJIT issued computing devices: Computers, tablets, and electronic storage devices purchased by the University or using NJIT funds; this includes research funds.
- NJIT-issued mobile phones: Mobile phones provided, and paid for, by NJIT.
- Personal Travel: Any travel that is not funded, arranged, or approved by NJIT and is undertaken for non-work-related purposes.
- University Sponsored Travel: Any travel undertaken by NJIT faculty, staff, students, or affiliates that is funded in whole or in part by NJIT, including through departmental budgets, grants administered by the university, or university-managed research funds; authorized or approved by NJIT as part of official duties, professional development, or participation in academic, research, or administrative activities; or organized, coordinated, or facilitated by NJIT departments, offices, or affiliated programs, including study abroad programs, research collaborations, or conference attendance representing the university.
- Export Control: Export controls are federal laws and regulations that govern the export of sensitive technologies, software, equipment, and certain types of information to foreign countries or foreign nationals. These regulations are designed to protect U.S. national security, economic interests, and foreign policy objectives and apply to both physical shipments (e.g., taking a laptop abroad) and non-physical transfers (e.g., sharing controlled technical data electronically or through conversations). It is possible for there to be concurrent export control and sanctions jurisdictions involved with a single activity.
- Sanctions: Sanctions are financial and trade restrictions imposed against individuals, entities, and jurisdictions whose actions contradict U.S. national security or foreign policy goals or objectives. Sanctions are governed by a number of federal laws and regulations and are administered by the U.S. Department of the Treasury, Office of Foreign Assets Control. It is possible for there to be concurrent export control and sanctions jurisdictions involved with a single activity.