Requirements
The following are the minimum security requirements that must be followed for each DCL.
Click to expand all categories.
Mobile Devices (Phones & Tablets)
|
Levels 1-3:
Autolock setting should be enabled.
Password or passcode must be set and must not be "simple" (e.g., 1234, 1111, etc.).
Encryption must be enabled when technically possible.
Operating system and applications updates must be applied as soon as they are available.
Recommend use of anti-virus software.
|
Level 4: Highly
Restricted Data
Must comply with DCL1, DCL2 and DCL3 requirements.
Autolock must be enabled and must not exceed 15 minutes.
Device must support encryption. Devices that do not support encryption may not be used to access or store DCL4 information or data.
Should set automatic wipe after a certain number of bad login attempts.
|
Levels 1-3:
Central IT departments and system administrators must ensure adherence to the Network Security Standard.
Automatic joining to unknown or untrusted networks should be turned off.
Device should not be used as a hotspot/access point for other devices.
欧美口爆视频 business must not be conducted on public/unsecured wireless networks (e.g., coffee shop WiFi networks) except through the use of VPN or other secure remote access services as provided or authorized by your campus IT department.
|
Level 4: Highly
Restricted Data
Must comply with DCL1, DCL2 and DCL3 requirements.
Automatic joining to unknown or untrusted networks must be turned off.
Device must not be used as a hotspot/access point for other devices.
|
Levels 1-4:
Lock the screen and physically secure the device when unattended.
Report lost or stolen devices containing 欧美口爆视频 data to the appropriate ISO per the Mandatory Reporting Requirement.
|
Levels 1-4:
All computing devices that are surplussed or otherwise disposed of must follow 欧美口爆视频 surplus property and data disposal policies.
|
Levels 1-4:
Personally-owned mobile devices used for 欧美口爆视频 business must be managed according to the same standards as 欧美口爆视频-issued devices. 欧美口爆视频 business information/data must not be permanently stored on a personally-owned devices, except for information/data that may be included in 欧美口爆视频 emails.
|
Levels 1-4:
Review and follow the Information Security Travel Standard when traveling with a mobile device.
|