51ÁÔÆæ

To ensure secure, reliable, and accountable use of mobile computing and storage devices containing 51ÁÔÆæ (51ÁÔÆæ) data by establishing unified management of and formally assigning roles and responsibilities with respect to the use of such devices.

Applies to all mobile computing and storage devices used by 51ÁÔÆæ’s users in the performance of their duties and to all 51ÁÔÆæ data when accessed through, or stored on, mobile computing and storage devices, regardless of the device’s ownership.

Mobile Computing Devices: Small devices intended primarily for the access to or processing of data, which can be easily carried by a single person and provide persistent storage. Current examples include, but are not limited to, laptop, notebook, netbook and similar portable personal computers, as wells as smartphones and personal digital assistants (Android, Blackberry, iPhone, and others).

Mobile Storage Devices: Media that can be easily carried by a single person and provide persistent storage. Current examples include, but are not limited to, magnetic storage devices (diskettes, tapes, USB hard drives), optical storage devices (CDs, DVDs, magneto-optical disks), memory storage devices (SD cards, thumb drives), and portable devices that make nonvolatile storage available for user files (cameras, MP3 and other music players, audio recorders, smart watches, and cell phones).

Restricted Data: Data in any format collected, developed, maintained, or managed by or on behalf of 51ÁÔÆæ or within the scope of 51ÁÔÆæ activities that are subject to specific protections under federal or state law or regulations or under applicable contracts. Examples include, but are not limited to, medical records, social security numbers, credit card numbers, drivers licenses, non-directory student records, research protocols and export controlled technical data.

User: Anyone who uses 51ÁÔÆæ’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.

Policy

51ÁÔÆæ is committed to and encourages an open and collaborative environment through the use of mobile devices to facilitate interaction among users. However, mobile computing devices and mobile storage devices that connect to 51ÁÔÆæ’s servers or contain 51ÁÔÆæ restricted data can be a substantial security risk for 51ÁÔÆæ. To reduce that risk, 51ÁÔÆæ has adopted the following guidelines.

Guidelines

• All mobile computing devices and mobile storage devices that access the 51ÁÔÆæ intranet and/or store 51ÁÔÆæ restricted data must be compliant with 51ÁÔÆæ information security policies and standards. 51ÁÔÆæ information security policies applicable to desktop or workstation computers also apply to mobile computing and mobile storage devices.
• Restricted data stored on mobile computing and storage devices must be encrypted.
• Any and all mobile computing and mobile storage devices used within 51ÁÔÆæ’s information and computing environments must meet all applicable 51ÁÔÆæ encryption standards.
• Mobile devices purchased with 51ÁÔÆæ funds, including but not limited to contracts, grants, and gifts, must also be recorded in the 51ÁÔÆæ IT assets inventory.
• 51ÁÔÆæ’s Chief Information Officer will establish standards to govern the secure use of all mobile computing and storage devices at 51ÁÔÆæ.
• 51ÁÔÆæ’s Chief Information Officer will provide guidance to assist departments and units in complying with these requirements.
• All 51ÁÔÆæ managers, in conjunction with IT support teams, are responsible for ensuring all existing users of mobile computing and storage devices within their areas of responsibility are compliant with 51ÁÔÆæ policies and standards.
• All users who are currently using personally-owned mobile computing and storage devices that access the 51ÁÔÆæ intranet and/or store 51ÁÔÆæ restricted data are required to bring their personal device into compliance with the 51ÁÔÆæ information security standard for mobile computing and storage devices.
• All users will report the loss or theft of a mobile computing or storage device to the immediately upon detection of the loss. 51ÁÔÆæ’s Chief Information Officer must be immediately notified of theft or loss of any mobile computing device or mobile storage device that contains restricted data. 51ÁÔÆæ’s restricted data may not be released for storage on, or access through, devices that do not meet these requirements.
• Failure to comply with these guidelines may result in suspension or termination of connectivity privileges and/or corrective action, up to and including termination or expulsion.