In 2005, new State Department regulations state that normal day-to-day activities should be conducted on an authorized computer system, known as an automated information system (AIS). Examples of an AIS include a server and a mobile device.
In 2007, new regulations specify that nondepartmental AISs containing department information must be registered with the department and maintain certain minimum security standards.
In 2016, an internal department investigation will determine that Clinton never registered her private server or mobile devices and thus never had them checked to see if they maintained the required security standards. (US Department of State, 5/25/2016)