Standard: Mobile Device Security

Scope

This standard covers all mobile devices, such as smart phones and tablets, that are used to access confidential data as described in the University's Confidential Information Policy (MUPIM 3.22/OAC 3339-3-22)

Mobile devices are easily lost and stolen, so security standards are required to decrease the likelihood of a security incident as a result of a mobile device being lost or stolen

Passwords: All covered mobile devices are required to have a password that is at least four characters long; there are no complexity requirements
Automatic Locking: All covered mobile devices are required to lock their screens after 15 minutes of inactivity. Once locked, the mobile device must require its password to be entered before using the device to access any Miami resources
Erase After Failed Logins: All covered mobile devices are required to automatically erase themselves if ten incorrect passwords are entered on a locked device

Any exceptions to this standard require approval from the Information Security Officer before they are implemented

Final reviewed by: Assistant VP for IT Services Security, Compliance, and Risk Management on June 5, 2012
Version 1.0 approved by: Assistant VP for IT Services Security, Compliance, and Risk Management on June 5, 2012
Version 2.0 approved by: Assistant VP for IT Services Security, Compliance, and Risk Management on August 4, 2017
Version 2.0 approved by: Assistant VP for IT Services Security, Compliance, and Risk Management on July 1, 2018

04 August 2017: automatic locking text expanded from email to any Miami resources

Article ID: 7365

Created

Thu 7/2/15 12:32 PM

Modified

Mon 2/26/24 3:18 PM