STANDARD FOR PORTABLE COMPUTING SECURITY

 

The University of Texas at San Antonio

Office of Information Technology

Office of Information Security (OIS) Standards

 

OIS 30 – Standard for Portable Computing Security

 

 


 I. STANDARD STATEMENT


The UTSA Standard for Portable Computing Security establishes guidance for the use of mobile computing devices - such as laptops, tablets and smartphones and their connection to the network - to preserve the integrity, availability and confidentiality of UTSA information.

 


II. RATIONALE


This standard supports HOP Policy 8-12 Information Resources Use and Security Policy

 


III. SCOPE


This standard applies to all UTSA faculty, staff, and students.

 


IV. CONTACTS


If you have any questions about OIS 30 Standard for Portable Computing Security contact the following office:

 

The Office of Information Security

informationsecurity@utsa.edu

 


 V. PROCEDURES  


1. The UTSA Standard for Portable Computing applies equally to all individuals who use portable computing devices and access UTSA information resources.

 

2. Laptops

a. Laptops must be protected by a password or other authentication device/process.
b. Category I UTSA data should not be stored on laptops.
c. All UTSA-owned laptops must be encrypted using industry-accepted/approved encryption techniques.
d. All remote access to UTSA should occur through the UTSA Virtual Private Network (VPN).
e. User-owned laptops that are used to access the UTSA computer network must conform to UTSA Information Resource Standards and have antivirus/anti-malware software installed.
f. Unattended portable computing devices must be physically secured. They must be locked in an office, locked in a desk drawer or filing cabinet, or attached to a desk or cabinet via a cable lock system.

 

3. Other Mobile Devices

a. Mobile devices such as smartphones or tablets often contain private data such as contact information, passwords, phone numbers and store/financial account log in information. UTSA Category I data should not be stored on any mobile device.

b. Where possible, users must:

i. Install antivirus/anti-malware software
ii. Set a Personally-Identifiable Number (PIN) or password/passphrase
iii. Turn on data encryption (may require use of a password)
iv. Install apps from trusted sources only
v. Install a locator app or turn on the native locator app
vi. Turn off unneeded services
vii. Uninstall unused applications

 

______________________________________________________________________________

Effective Date: May 31, 2011

Last Revised: August 28, 2014

Reviewed: June 23, 2017

<< Back