Standard: ISO / Mobile device security

Scope

  • This standard covers all mobile devices, such as smart phones and tablets, that are used to access confidential data as described in the University's Confidential Information Policy

Rationale

  • Mobile devices are easily lost and stolen, so security standards are required to decrease the likelihood of a security incident as a result of a mobile device being lost or stolen

Standard

  • Passwords: All covered mobile devices are required to have a password that is at least four characters long; there are no complexity requirements
  • Automatic Locking: All covered mobile devices are required to lock their screens after 15 minutes of inactivity. Once locked, the mobile device must require its password to be entered before using the device to access any Miami resources
  • Erase After Failed Log ins: All covered mobile devices are required to automatically erase themselves if ten incorrect passwords are entered on a locked device

 

Exceptions

  • Any exceptions to this standard require approval from the Information Security Officer before they are implemented

Standard Administration

Next Review Date

  • 07/01/2020

 

Responsible Officer

  • Vice President for Information Technology & Chief Information Officer

 

Contact

  • Assistant VP for IT Services Security, Compliance, and Risk Management

 

Approval(s) and Date(s)

  • Final reviewed by: Assistant VP for IT Services Security, Compliance, and Risk Management on June 5, 2012
  • Version 1.0 approved by: Assistant VP for IT Services Security, Compliance, and Risk Management on June 5, 2012
  • Version 2.0 approved by: Assistant VP for IT Services Security, Compliance, and Risk Management on August 4, 2017
  • Version 2.0 approved by: Assistant VP for IT Services Security, Compliance, and Risk Management on July 1, 2018

 

Revision History

  • 04 August 2017: automatic locking text expanded from email to any Miami resources

Related Document

 

Print Article