Mobile Computing Devices. To ensure that Mobile Computing Devices (MCDs) do not introduce threats into systems that process or store County information, departments’ management shall:
2.2.3.1 Establish and manage a process for authorizing, issuing and tracking the use of MCDs.
2.2.3.2 Permit only authorized MCDs to connect to County information assets or networks that store, process, transmit, or connects to County information and information assets.
2.2.3.3 Implement applicable access control requirements in accordance with this policy, such as the enforcement of a system or device lockout after 15 minutes of inactivity requiring re-entering of a password to unlock.
2.2.3.4 Install an encryption algorithm that meets or exceeds industry recommended encryption standard for any MCD that will be used to store County information. See Section on Encryption.
2.2.3.5 Ensure that MCDs are configured to restrict the user from circumventing the authentication process.
2.2.3.6 Provide security awareness training to County employees that informs MCD users regarding MCD restrictions.
2.2.3.7 Label MCDs with County address and/or phone number so that the device can be returned to the County if recovered.
2.2.3.8 The installation of any software, executable, or other file to any County computing device is prohibited if that software, executable, or other file downloaded by, is owned by, or was purchased by an employee or contractor with his or her own funds unless approved by the department. If the device (“i” device or smartphone, only) complies with the mobile device management security standards (see section 9.2.3 Mobile Computing Devices), this is not applicable.
Mobile Computing Devices. Data importer shall maintain a program designed to protect data importer’s mobile computing devices from unauthorized access. Such program shall address physical protection, access control and security controls such as encryption, virus protection and device backup.
Mobile Computing Devices. Iron Mountain will have a policy or procedure in place designed to protect Iron Mountain’s mobile computing devices from unauthorized access. Such policies or procedures shall address physical protection, access control and security controls such as encryption, virus protection and device backup.