638: MOBILE DEVICE ACCESS CONTROL

Policy 638: Mobile Device Access Control regulates the use of mobile devices connected to state networks and data. This policy prevents data from being stored insecurely on a mobile device or carried over an insecure network and accessed by unsanctioned resources. This policy helps ensure all mobile devices connected to state networks and data adhere to standards and maintain the integrity and safety of all state data.

Standard 638S1: Mobile Device Management supports implementation of Policy 638 by defining requirements and configuration of mobile device management (MDM) products. The intended audience for this standard is the MDM system administrators.

Standard 638S2: Mobile Device Use defines standards, restrictions, and terms of use for mobile device users.

These documents will replace the following legacy documents:

  • Policy 638 will replace OIT Policy 320: Use of POMD for State Business
  • OIT Form 320F1: POMD User Agreement Form will be rescinded (there will be no form for mobile device users to complete)
  • Procedure 662P1: Portable Device Authorization
  • Portable Device User Agreement Form (previously submitted copies of this form will be disposed of)

Risks addressed in this document set include:

  • Breach of confidential state data
  • Introduction of viruses to the state systems
  • Damage to public image

Policy 638 addresses the following NIST SP800-53r4 security controls:

  • AC-19: Access Control for Mobile Devices
  • AC-19 Control Enhancement (CE) 5: Container-based Encryption

 

View or Download:

Policy 638: Mobile Device Access Control

Standard 638S1: Mobile Device Management

Standard 638S2: Mobile Device Use