信息技术标准02.9.0

移动设备管理标准

当前修订或创建日期: 2021年11月1日

的目的 资讯科技标准 is to specify requirements for compliance with bet8体育娱乐入口 Information 技术 policies, 其他大学政策, 以及适用的法律法规. 标准可能包括业务原则, 最佳实践, 技术标准, 迁移和实现策略, 指导设计, 资讯科技的部署及管理.

目的

The purpose of this standard is to establish the responsibilities for mobile device users to promote the secure, 可靠和负责地使用所有移动计算设备.

定义

数据分类 -在信息安全的背景下, the classification of data based on its level of sensitivity and the impact to the University should that data be disclosed, 擅自涂改或销毁的.

终端安全 is the act of securing, protecting and preventing unauthorized access to a computing device.

资讯保安主任(ISO) -bet8体育娱乐入口的雇员, 由院长或指定人员任命, who is responsible for developing and managing bet8体育娱乐入口's information technology (IT) security program.

机构数据 - Recorded information that documents a transaction or activity by or with any appointed board member, 官, 或大学雇员. 无论物质形态如何, 特征, 或源, 记录的信息如果被制作出来就是大学记录, 收集, received or retained in pursuance of law or in connection with the transaction of University business. The medium upon which such information is recorded has no bearing on the determination of whether the recording is a University record. 大学档案包括但不限于人事档案, 学生记录, 学习成绩, 财务记录, 病人记录和行政记录. 记录格式/媒体包括但不限于电子邮件, 电子数据库, 电子文件, 纸, audio, 视频和图像.

移动计算和存储设备 are defined as portable devices intended primarily for the access to or processing of data and/or to provide persistent storage. 具有这些特点的新产品经常出现在市场上. 例子包括, 但不限于, 笔记本电脑, 平板电脑, 智能手机, 存储驱动器, 记忆卡, USB驱动器, 聪明的手表, 等. 在本政策的上下文中，设备可能是个人或大学所有.

用户 includes anyone who accesses and uses the bet8体育娱乐入口 information technology resources.

擦 is a security feature which allows a device administrator or device owner to send a command to a computing device to delete some or all data.

供应商授权的安全配置 are built-in limitations designed to secure devices that can be altered or removed to change the functionality of the device.

标准声明

bet8体育娱乐入口允许使用移动计算设备和存储设备, 包括大学拥有和启用的设备, 大学拥有但个人启用的设备, 个人拥有的设备, to access IT resources as long as the devices are compliant with IT security standards and guidelines.

访问所有IT资源, 包括可用于移动设备的那些, 是否通过帐户管理程序授予. Authorized users formally consent to the terms and conditions of use through the acknowledgment of the University's 可接受使用标准.

用户的责任

在使用大学网络上的移动设备或使用大学数据时, 用户有以下责任:

• 设备安全
  • 用户s are responsible for taking all endpoint security precautions to secure their device and to secure the University data on the device.
  • 用户必须配置PIN码或密码才能访问设备.
  • 如果设备没有通过PIN或密码提供保护, 用户必须对ODU数据或ODU IT资源进行密码保护或加密.
  • 用户s must set an idle timeout that will automatically lock the device after a period of time.
  • 用户s must keep all software, including the operating system and applications, up to date.
  • 用户必须维护供应商授权的安全配置.
  • It is recommended that users label devices with contact information to make the device easy to return if lost.
  • It is recommended that users enroll capable devices in a remote location-tracking service to help trace the device if misplaced.
• 数据安全及储存
  • 所有机构数据归bet8体育娱乐入口所有. 像这样, all members of the University community have the obligation to appropriately secure and protect the asset in all formats, 包括移动设备.
  • 用户s must understand and follow the University's data administration and classification with respect to the access, 机构数据的传输和存储.
  • 用户必须接受 and understand that University reserves the right to wipe some or all data from a mobile device in the event of employment separation or termination and/or the loss or replacement of a mobile device.
  • 用户必须接受 and understand that mobile devices are subject to open records requests or audit processes. 在这种情况下，用户必须提供对移动设备的完全访问权限.
  • 用户必须接受, understand and surrender a mobile device to the University to ensure compliance with a litigation order. The user cannot delete or modify any information subject to this standard which is stored on the device after receiving the request.
• 事故报告
  • 用户s must participate in required security awareness training programs provided by the University.
  • 用户s must immediately report lost or stolen devices to the ODU security team or by submission of the online 电脑事故报告表格. 用户可以使用远程擦除服务.
• 技术支持
  • The University does not assume any liability or responsibility for technical support for a user's personally owned computing device.
• 执行
  • Noncompliant devices may be disconnected from the IT infrastructure until the device is brought into compliance.
  • 用户s not in compliance with this standard may be denied access to IT resources and may be subject to ITS Standard - 纪律处分标准.
  • Failure to cooperate with the production of information on the device when surrendered for litigation orders may result in the employee bearing the costs individually for failing to cooperate or for deleting or altering the material to the extent permitted by 弗吉尼亚法典第2节.2-3714.
• 生效日期
  • All users currently using mobile computing and storage devices must bring the device in compliance with this policy effective January 1st, 2016.
• 异常
  • 信息安全官或其指定人员可批准本政策的例外情况.

程序,指导方针 & 其他相关资料

• 联邦和州法律
• 大学政策3310 - Allowance for Usage of Personal Mobile Devices and Wireless 服务 for University Business
• 大学政策6202 -远程工作政策
• IT标准02.3.数据管理和分类标准
• 资讯科技标准05.1.IT安全事件处理标准
• 资讯科技标准05.4.0 -病毒 & 恶意代码防护标准
• 资讯科技标准09.1.0 -可接受的使用标准
• 资讯科技标准十.1.纪律处分标准

历史