Interim Policy: Use of University Issued Computing Devices When Traveling Internationally

Purpose

NJIT is committed to protecting the availability and integrity of its data and systems. International travel can increase the risk of device and data compromise as well as legal or regulatory exposure for individuals carrying electronic devices abroad. The following policy outlines requirements for international travel as it relates to the use and possession of University issued computing devices. The intention of this policy is to safeguard university data, comply with applicable federal regulations, protect the integrity of NJIT’s digital infrastructure, and protect the campus community.

This policy also establishes expectations, guidance, and processes that will minimize personal risk to individuals who may be subject to inspection, confiscation, or digital intrusion while traveling to or returning from other countries.

Services

Applicability

This policy applies to anyone using an NJIT issued computing device. This includes, but is not limited to, faculty, staff, and students and other university-affiliated individuals who travel internationally.

Policy

NJIT faculty, staff, students and other university-affiliated individuals may not possess an NJIT-issued computing device(s) and/or an NJIT-issued mobile phone(s) during international travel unless one (1) of three (3) of the following conditions are met:

  1. NJIT community members who will be traveling internationally for university- sponsored travel may request a loaner device from the Information Services and Technology (IST) Division. The loaner devices from IST will provide a baseline computing environment with restrictions on local storage. IST will review requests for additional software or specialized software on those computing devices. Individuals may submit their request for a loaner device no later than twenty (20) business days before their intended travel date via the Highlander Nexus platform. A response from IST will be provided within five (5) business days after the request is submitted. Loaner devices will be provided within five (5) business days before the intended travel date, with instructions about the return of the loaner device. Loaner devices, to the extent the request for such is approved, will be provided on a first-come, first-
    served basis depending on availability. Requests will not be arbitrarily denied and must be submitted by completing the Highlander Nexus form linked here. If an individual’s request for a loaner device cannot be granted due to limited availability or their request is voluntarily withdrawn, then that individual may request permission to travel abroad with their NJIT-issued device no later than fifteen (15) business days before their international travel date, per the process under Paragraph 2 below.
  2. No later than twenty (20) business days prior to their international travel date, the NJIT community member may request permission to travel abroad with their NJIT-issued device via the Highlander Nexus platform. Upon receipt of that request, the Office of Research will determine whether specific technologies, data, goods, or services on community members’ NJIT-issued devices require special licensing or disclosure to comply with U.S. export controls, sanctions laws, and regulations, including regulations concerning Controlled Unclassified Information (“CUI”), the international transport of encryption technologies and other restricted items, as well as the provision of “goods” and “services” to certain destinations and restricted parties. Approval, appropriate restrictions, or clearance will be communicated to the traveler in writing. Responses will be provided within five (5) business days. Requests will not be arbitrarily denied and must be submitted by completing the Highlander Nexus form linked here.
  3. In certain circumstances, there may be additional security measures that may be required and provided for international travel undertaken on behalf of the institution. These requests will be initiated by the area Vice President and submitted to IST through the Highlander Nexus portal form linked here and should be undertaken only in exceptional circumstances.

Individuals who need to conduct official business or access NJIT systems, networks, and/or data while traveling internationally must use the NJIT Virtual Private Network (“VPN”) to access NJIT’s systems, networks, and/or data, to the extent such use complies with the applicable foreign laws. Public or shared computers must not be used to access NJIT systems, networks, and/or data under any circumstances.

All individuals must fully comply with this policy without exception. Full policy adherence is critical due to the extensive legal, safety, and reputational risks of non-compliance. More detailed information about the regulations, sanction laws, liabilities, and ramifications of non-compliance is listed in the Sanctions section below.

Administration of the Policy

This policy will be administered by the Office of Research, the Information Services and Technology Division, the Office of the Provost, and the Office of Human Resources. Employees who have questions regarding this policy should direct their inquiries to the Office of Human Resources.

Definitions

  • Controlled Unclassified Information (“CUI”): CUI is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.
  • Export Controls: Export controls are federal laws and regulations that govern the export of sensitive technologies, software, equipment, and certain types of information or technical assistance to foreign countries or foreign nationals. These regulations are designed to protect U.S. national security, economic interests, and foreign policy objectives and apply to both physical shipments (e.g., taking a laptop abroad) and non-physical transfers (e.g., sharing controlled technical data electronically or through conversations). It is possible for there to be concurrent export control and sanctions jurisdictions involved with a single activity.
  • High Risk Cyber Destinations: International destinations that present an enhanced degree of cyber risk due to their designation(s) as Active War Zones/Conflict Areas, National Security concerns, Arms Embargoed Destinations, and/or Sanctioned and Embargoed Destinations. For the interim policy this includes: Afghanistan, Armenia, Azerbaijan, Belarus, Burkina Faso, Burma (Myanmar), Cambodia, Central African Republic, China, Democratic Republic of the Congo, Cuba, Eritrea, Georgia, Haiti, Iran, Iraq, Kazakhstan, North Korea, Kyrgyzstan, Laos, Lebanon, Libya, Macau, Mali, Moldova, Mongolia, Nicaragua, Mozambique, Russia, Somalia, South Sudan, Sudan, Syria, Tanzania, Tajikistan, Turkmenistan, Uzbekistan, Venezuela, Vietnam, Western Sahara, Yemen, and Zimbabwe. This list is subject to change based on updated risk assessments, federal advisories, and/or changes in international conditions.
  • International Travel: Any travel outside the territorial boundaries of the United States and its territories. This includes travel to foreign countries for any duration and for any purpose, whether or not University-sponsored.
  • Loaner Device: Laptops or mobile phones that will be provided for international travel; these devices will have limited applications available as well as restrictions on local data storage.
  • NJIT issued computing devices: Computers, tablets, and electronic storage devices purchased by the University or using NJIT funds; this includes research funds.
  • NJIT-issued mobile phones: Mobile phones provided by, and paid for, by NJIT.
  • University Sponsored Travel: Any travel undertaken by NJIT faculty, staff, students, or affiliates that is funded in whole or in part by NJIT, including through departmental budgets, grants administered by the university, or university-managed research funds; authorized or approved by NJIT as part of official duties, professional development, or participation in academic, research, or administrative activities; or organized, coordinated, or facilitated by NJIT departments, offices, or affiliated programs, including study abroad programs, research collaborations, or conference attendance representing the university.
  • Sanctions: Sanctions are financial and trade restrictions, including goods and services, imposed against individuals, entities, and jurisdictions whose actions contradict U.S. national security or foreign policy goals or objectives. Sanctions are governed by a number of federal laws and regulations and are administered by the U.S. Department of the Treasury, Office of Foreign Assets Control. It is possible that there are concurrent export control and sanctions jurisdictions involved with a single activity.

Cross Reference