UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance formobile and wireless device requirements.
Requirement
Resource Custodian must not implement core systems on mobile or wireless devices.
Description of Risk
Devices on insecure networks are open to multiple attack vectors. Mobile devices and removable media can be stolen or lost. Attackers can gain access to covered systems through wireless devices connected to the network.
Recommendations
While wireless network access allows better collaboration and mobility, additional exposure on wireless networks introduces security risks to core (institutional) devices that outweigh advantages gained via use of wireless networks. Resource custodians must not implement core devices on mobile or wireless devices, which include mobile phones, smartphones, tablets and laptops. In addition, resource custodians should ensure any wireless network adapters on covered core devices are disabled to prevent accidental connection to rogue wireless networks.
For additional guidance on encryption requirements applicable to mobile and wireless devices, please refer to Encryption in Transit andRemovable Media Encryption Guidelines.