STANDARD FOR PORTABLE COMPUTING SECURITY | Office of Information Security

The University of Texas at San Antonio

Office of Information Technology

Office of Information Security (OIS) Standards

OIS 30 – Standard for Portable Computing Security

I. STANDARD STATEMENT

The UTSA Standard for Portable Computing Security establishes guidance for the use of mobile computing devices – such as laptops, tablets and smartphones and their connection to the network – to preserve the integrity, availability and confidentiality of UTSA information.

II. RATIONALE

This standard supports HOP Policy 8-12 Information Resources Use and Security Policy

III. SCOPE

This standard applies to all UTSA faculty, staff, and students.

IV. CONTACTS

If you have any questions about OIS 30 Standard for Portable Computing Security contact the following office:

The Office of Information Security

informationsecurity@utsa.edu

V. PROCEDURES

1. The UTSA Standard for Portable Computing applies equally to all individuals who use portable computing devices and access UTSA information resources.

2. Laptops

a. Laptops must be protected by a password or other authentication device/process.

b. Category I UTSA data should not be stored on laptops.

c. All UTSA-owned laptops must be encrypted using industry-accepted/approved encryption techniques.

d. All remote access to UTSA should occur through the UTSA Virtual Private Network (VPN).

e. User-owned laptops that are used to access the UTSA computer network must conform to UTSA Information Resource Standards and have antivirus/anti-malware software installed.

f. Unattended portable computing devices must be physically secured. They must be locked in an office, locked in a desk drawer or filing cabinet, or attached to a desk or cabinet via a cable lock system.

3. Other Mobile Devices

a. Mobile devices such as smartphones or tablets often contain private data such as contact information, passwords, phone numbers and store/financial account log in information. UTSA Category I data should not be stored on any mobile device.

b. Where possible, users must:

i. Install antivirus/anti-malware software

ii. Set a Personally-Identifiable Number (PIN) or password/passphrase

iii. Turn on data encryption (may require use of a password)

iv. Install apps from trusted sources only

v. Install a locator app or turn on the native locator app

vi. Turn off unneeded services

vii. Uninstall unused applications

______________________________________________________________________________

Effective Date: May 31, 2011

Last Revised: August 28, 2014

Reviewed: June 23, 2017