Description

The portability of mobile devices have the potential to effect the security exposure of the information contained or processed by the devices.

Applicability

  • This Control applies to all mobile computing and storage devices that utilize information resources, especially those which process, store, or transmit confidential information. The information resource owner, or designee, is responsible for ensuring that the risk mitigation measures described in this Control are implemented. The intended audience is all users of TAMU information resources.

Implementation

  • 1

    Mobile computing and storage devices, containing restricted or confidential information, shall be protected from unauthorized access by passwords or other means.

  • 2

    Any restricted or confidential information stored on mobile computing or storage device shall be encrypted with an appropriate encryption technique.

  • 3

    All remote access (e.g., dial in services, cable/DSL modem, etc.) to confidential information from a portable computing device shall utilize encryption techniques, such as Virtual Private Network (VPN), Secure File Transfer Protocol (FTP), or Secure Sockets Layers (SSL).

  • 4

    Restricted or confidential information shall not be transmitted via wireless connection to, or from, a mobile computing device unless encryption methods that appropriately secure wireless transmissions, such as Virtual Private Network (VPN), Wi-Fi Protected Access (WPA) or other secure encryption protocols are utilized.

  • 5

    Unattended mobile computing or storage devices, containing restricted or confidential information, shall be kept physically secure using means appropriately commensurate with the associated risk.

  • 6

    Mobile computing devices that are university information resources must be encrypted, patched/updated, and protected with anti-virus software and, if appropriate, a personal firewall. Any mobile computing device that is personally owned cannot contain restricted information; and if it contains confidential information it must be encrypted, patched/updated, and protected with anti-virus software and, if appropriate, a personal firewall.