Requirements
The following are the minimum security requirements that must be followed for each DCL.
Mobile Devices (Phones & Tablets)
Levels 1-3:
Autolock setting should be enabled.
Password or passcode must be set and must not be "simple" (e.g., 1234, 1111, etc.).
Encryption must be enabled when technically possible.
Operating system and application updates must be applied as soon as they are available.
Use of anti-virus software is recommended.
Level 4: Highly Restricted Data
Must comply with DCL1, DCL2 and DCL3 requirements.
Autolock must be enabled and must not exceed 15 minutes.
Device must support encryption. Devices that do not support encryption may not be used to access or store DCL4 information or data.
Should set automatic wipe after a certain number of bad login attempts.
Levels 1-3:
Central IT departments and system administrators must ensure adherence to the Network Security Standard.
Automatic joining to unknown or untrusted networks should be turned off.
Device should not be used as a hotspot/access point for other devices.
University business must not be conducted on public/unsecured wireless networks (e.g., coffee shop WiFi networks) except through the use of VPN or other secure remote access services as provided or authorized by your campus IT department.
Level 4: Highly Restricted Data
Must comply with DCL1, DCL2 and DCL3 requirements.
Automatic joining to unknown or untrusted networks must be turned off.
Device must not be used as a hotspot/access point for other devices.
Levels 1-4:
Lock the screen and physically secure the device when unattended.
Report lost or stolen devices containing University data to the appropriate ISO per the Mandatory Reporting Requirement.
Levels 1-4:
All computing devices that are surplussed or otherwise disposed of must follow University surplus property and data disposal policies.
Levels 1-4:
Personally-owned mobile devices used for University business must be managed according to the same standards as University-issued devices. University business information/data must not be permanently stored on personally-owned devices, except for information/data that may be included in University emails.
Levels 1-4:
Review and follow the Information Security Travel Standard when traveling with a mobile device.