Mobile Device Security Guideline
Updated January 2016
The purpose of this guideline is to provide guidance on mobile device security for University owned or personally owned mobile devices within Boise State University managed networks while protecting the confidentiality, integrity, and availability of University data.
This guideline intends to balance the use of mobile devices for University business while preventing Boise State University data from being deliberately or inadvertently stored insecurely on a device or carried over an insecure network where it could potentially be accessed by unauthorized resources. Such a breach could result in loss of information, damage to critical applications, financial loss, and damage to the University’s public image. Therefore, all users employing a mobile device connected to a Boise State managed network, and/or capable of backing up, storing, or otherwise accessing Boise State data of any type, must adhere to University-defined policies, standards and guidelines.
This guideline applies to all users accessing systems and resources at Boise State University.
Employees using Mobile devices, software, and/or related components to access University data MUST:
- Keep these devices and related software protected, updated and patched.
- Ensure such devices employ device access protection such as pass-codes, complex passwords, pattern swipe, facial recognition, card swipe, fingerprint reader, etc…
- Ensure the device activates access protection when powered up, awakened from sleep mode, or after 2 (two) minutes of device inactivity.
- Ensure such devices employ remote wipe functionality at all times in case the device is lost or stolen.
- Ensure that the sensitive data is protected using data encryption as outlined in the System Security Encryption Guideline.
- Acknowledge and confirm that all University-sensitive data has been permanently erased from their mobile devices once their need for access is no longer required.
- Agree to and accept that their mobile device access to Boise State managed networks may be monitored in order to identify unusual usage patterns and/or suspicious or malicious activity.
- Immediately report to the Chief Information Security Officer any incident or suspected incidents of unauthorized data access, data or device loss, and/or disclosure of system resources as it relates to their mobile devices.
Employees using mobile devices, software, and/or related components to access University data MUST NOT:
- Store mobile passwords and/or other confidential or sensitive data on an unencrypted mobile device. See Data Classification Standard.
Failure to comply with the Boise State Mobile Device Security guideline may, at the full discretion of the University, result in the suspension of any or all technology use and connectivity privileges, disciplinary action, and/or possible termination of employment.
Individuals using computer systems owned by Boise State University do so subject to applicable State and Federal laws and University policies. Boise State University disclaims any responsibility and/or warranties for information and materials residing on non-university systems or available over publicly accessible networks. Such materials do not necessarily reflect the attitudes, opinions, or values of the State of Idaho, Boise State University, its faculty, staff, or students.
Questions about this guideline should be directed to the Chief Information Security Officer:
Phone: (208) 426-5701