AC-19: Access Control for Mobile Devices

NIST Baseline:  Low 

DIR Required By:  07/20/2023 

TAMUS Required By:  12/19/2022 

Review Date:  04/17/2024 

1. Mobile devices encompass portable computing devices owned by Tarleton.  They are managed by a mobile device management (MDM) system.  

2. These mobile devices must be protected from unauthorized access by passwords or other means, such as by passcodes that are at least 4-digits or longer and/or require biometric authentication (fingerprint or face scan). 

3. Any confidential data stored on or transmitted to/from mobile devices must be encrypted with an appropriate encryption technique.  

4. These mobile devices must be kept up to date with patching and have a firewall enabled, as applicable.  

Note: Please see Control AC-20, Use of External Systems, regarding mobile devices that are not Tarleton-owned/controlled.  

---

References/Additional Resources

Model Security Plan for Prohibited Technologies