Mobile Technologies Usage Standard
The Mobile Technologies Usage Standard provides guidelines that are designed for the protection of data stored on portable electronic storage media and portable computing devices.
Comments or feedback on this standard should be directed to the Office of the Chief Information Officer at (831) 582-4700.
This Standard applies to:
- All faculty, staff, students, and volunteers (collectively referred to as “employees”) of CSU Monterey Bay, the University Corporation at Monterey Bay or the CSU Monterey Bay Foundation (collectively referred to as “CSUMB”).
- All contractors and consultants using portable computing devices to access protected university data.
- All portable computing devices and/or portable electronic storage media owned by CSUMB that access or store protected information.
- All Confidential (Level 1) and Internal Use (Level 2) data.
Portable computing devices & portable electronic storage media standards
Confidential data should not be stored on portable computing devices unless absolutely necessary and removed when the business need for storage is no longer required. Confidential or Internal Use data may not be stored on non-CSUMB owned portable computing devices or portable electronic storage media.
The following requirements apply to all CSUMB owned portable computing devices or portable electronic storage media containing Confidential or Internal Use data:
- Physically secured when not in use.
- Encryption software must be loaded and correctly configured.
- Confidential information stored must be encrypted or otherwise rendered unreadable and unusable by unauthorized persons.
- Strong password protection rules for all user profiles must be used.
- Operating system software must be kept current and antivirus software must be kept current on devices capable of running such software.
Prior to disposal all Confidential or Internal Use data stored on portable computing devices or portable electronic storage media must be sanitized in accordance with CSUMB Media Sanitation Methods (see the CSUMB Records Management Standard for details).
Reporting loss or theft
Portable computing devices and portable electronic storage media are vulnerable to loss or theft. In the event of loss of theft, information stored on these devices or media may result in identity theft or unauthorized access to secure systems, networks, and resources.
The loss or theft of a portable computing device or portable electronic storage media within the scope of this standard must be reported to the employee’s appropriate administrator, University Police and the Director of Technology Support Services.
If lost or stolen off-campus, local law enforcement must be notified and a police report obtained. Specific procedures can be found in the Lost or Stolen Devices Reporting Procedure.
Roles and responsibilities
Any user with access to Confidential or Internal Use data will comply with this standard.
Information Technology will supply device and/or software instructions for encryption.
This standard will be subject to revision in response to changes in technology, regulatory compliance, and/or CSUMB operational initiatives.
06/21/2019 by Chip Lenno, CIO/ISO