Policy 638: Mobile Device Access Control regulates the use of mobile devices connected to state networks and data. This policy prevents data from being stored insecurely on a mobile device or carried over an insecure network and accessed by unsanctioned resources. This policy helps ensure all mobile devices connected to state networks and data adhere to standards and maintain the integrity and safety of all state data.
Standard 638S1: Mobile Device Management supports implementation of Policy 638 by defining requirements and configuration of mobile device management (MDM) products. The intended audience for this standard is the MDM system administrators.
These documents will replace the following legacy documents:
- Policy 638 will replace OIT Policy 320: Use of POMD for State Business
- OIT Form 320F1: POMD User Agreement Form will be rescinded (there will be no form for mobile device users to complete)
- Procedure 662P1: Portable Device Authorization
- Portable Device User Agreement Form (previously submitted copies of this form will be disposed of)
Risks addressed in this document set include:
- Breach of confidential state data
- Introduction of viruses to the state systems
- Damage to public image
Policy 638 addresses the following NIST SP800-53r4 security controls:
- AC-19: Access Control for Mobile Devices
- AC-19 Control Enhancement (CE) 5: Container-based Encryption
View or Download: