Purpose - The UTSA Portable Computing Security Standard establishes the rules for the use of mobile computing devices, such as laptops and personal digital assistants (PDAs), and their connection to the network. These rules are necessary to preserve the integrity, availability and confidentiality of UTSA information.

Audience - The UTSA Portable Computing Security Standard applies equally to all individuals who use portable computing devices and access UTSA information resources.

1. Only UTSA-approved portable computing devices may be used to access UTSA information resources.

2. Portable computing devices must be protected by password or other authentication device/process.

3. UTSA data should not be stored on portable computing devices.  However, in the event that there is no alternative to local storage, all sensitive UTSA data must be encrypted using industry-accepted/approved encryption techniques.

4. UTSA data must not be transmitted via wireless methods to or from a portable computing device unless approved wireless transmission protocols, along with approved encryption techniques, are utilized.

5. All remote access (dial-in services) to UTSA must occur through an approved modem pool or via an Internet Service Provider (ISP).

6. User-owned computer systems that require network connectivity must conform to UTSA Information Resource Standards and must be approved in writing by the UTSA Information Security Officer (ISO).

7. Unattended portable computing devices must be physically secured.  They must be locked in an office, locked in a desk drawer or filing cabinet, or attached to a desk or cabinet via a cable lock system.