Description

The portability of mobile devices have the potential to effect the security exposure of the information contained or processed by the devices.

Applicability

  • This Control applies to all mobile computing and storage devices that utilize information resources, especially those which process, store, or transmit Critical or Confidential information. The information resource owner, or designee, is responsible for ensuring that the risk mitigation measures described in this Control are implemented. The intended audience is all users of TAMU information resources.

Implementation

  • 1

    Mobile computing and storage devices, containing Critical or Confidential data shall be protected from unauthorized access by passwords or other means.

  • 2

    Any Critical or Confidential data stored on mobile computing or storage device shall be encrypted with an appropriate encryption technique.

  • 3

    All remote access (e.g., dial in services, cable/DSL modem, etc.) to Critical or Confidential data from a portable computing device shall utilize encryption techniques, such as Virtual Private Network (VPN), Secure File Transfer Protocol (SFTP), or Secure Sockets Layers (SSL).

  • 4

    Critical or Confidential data shall not be transmitted via wireless connection to, or from, a mobile computing device unless encryption methods that appropriately secure wireless transmissions, such as Virtual Private Network (VPN), Wi-Fi Protected Access (WPA) or other secure encryption protocols are utilized.

  • 5

    Unattended mobile computing or storage devices, containing Critical or Confidential data, shall be kept physically secure using means appropriately commensurate with the associated risk.

  • 6

    Mobile computing devices that are university information resources must be encrypted, patched/updated, and protected with anti-virus software and, if appropriate, a personal firewall. Any mobile computing device that is personally owned cannot contain Critical or Confidential data; and if it contains Critical or Confidential data it must be encrypted, patched/updated, and protected with anti-virus software and, if appropriate, a personal firewall.