Agency-owned mobile devices joined to the Agency's mobile device management (MDM) system may access any Agency information resource at the same level of authorization given to an Agency workstation. Personally-owned mobile devices may only access resources that are public-facing. Any personally-owned mobile devices that connect to the enterprise email system shall be updated with current release operating system software approved by the vendor and utilize a passcode to prevent unauthorized access to the mobile device.
Mobile computing and teleworking expose systems and information to exploitable vulnerabilities.
The organization:
a. Establishes usage restrictions, configuration requirements, connection requirements, and implementation guidance for organization-controlled mobile devices; and
b. Authorizes the connection of mobile devices to organizational information systems.
Mobile devices are password restricted.
State organizations shall establishes usage restrictions, configuration requirements, connection requirements, and implementation guidance for organization-controlled mobile devices, whether owned by the state organization or the employee.
Obtain access control policy; procedures addressing access control for portable and mobile devices; information system design documentation; information system configuration settings and associated documentation; information system audit records; other relevant documents or records and ascertain if
(I) the organization establishes usage restrictions and implementation guidance for organization-controlled portable and mobile devices; and
(ii) the organization authorizes, monitors, and controls device access to organizational information systems.
