DEPARTMENT OF THE NAVY UNITED STATES NAVAL ACADEMY 121 BLAKE ROAD ANNAPOLIS MARYLAND

Similar documents
Date of Next Review: May Cross References: Electronic Communication Systems- Acceptable Use policy (A.29) Highway Traffic Act

CELL PHONE POLICY Page 1 of 5 City of Manteca Administrative Policy and Procedure

Sample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.

Standard mobile phone a mobile device that can make and receive telephone calls, pictures, video, and text messages.

POLICY 8200 NETWORK SECURITY

<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy

GM Information Security Controls

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES

Wireless Communication Device Use Policy

I. Policy Statement. University Provided Mobile Device Eligibility Policy Effective Date: October 12, 2018

Mobile Device Policy. Augusta University Medical Center Policy Library. Policy Owner: Information Technology Support and Services

Employee Security Awareness Training Program

NOTE: The first appearance of terms in bold in the body of this document (except titles) are defined terms please refer to the Definitions section.

Computerized Central Records System

Cell Phone Policy. 1. Purpose: Establish a policy for cell phone use and compensation allowance.

GEORGIA DEPARTMENT OF CORRECTIONS Standard Operating Procedures

Bring Your Own Device

Nebraska State College System Cellular Services Procedures Effective Date June 15, 2012 Updated August 13, 2015

RULES FOR DISTRICT CELL PHONE USE

COUNTY OF EL DORADO, CALIFORNIA BOARD OF SUPERVISORS POLICY

CNATRAINST A N6 3 Mar 16. Subj: CNATRA ELECTRONIC MAIL DIGITAL SIGNATURE AND ENCRYPTION POLICY

Mobile Device policy Frequently Asked Questions April 2016

Wireless Communication Device Policy Policy No September 2, Standard. Practice

Wireless Communication Stipend Effective Date: 9/1/2008

A. Facilities and critical systems employees subject to afterhours call out.

Internet, , Social Networking, Mobile Device, and Electronic Communication Policy

Information Technology Standards

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL. June 14, 2018

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

Wireless Services Allowance Procedure

S T A N D A R D : M O B I L E D E V I C E S

Information technology security and system integrity policy.

BRING YOUR OWN DEVICE: POLICY CONSIDERATIONS

THE SOUTHERN BAPTIST THEOLOGICAL SEMINARY PORTABLE ELECTRONIC DEVICE POLICY

KSU Policy Category: Information Technology Page 1 of 5

B. Employees are expected to make personal calls on non-work time and to ensure that friends and family members are aware of the City s policy.

THE SOUTHERN BAPTIST THEOLOGICAL SEMINARY PORTABLE ELECTRONIC DEVICE POLICY

ADMINISTRATIVE POLICY NO ISSUING MUNICIPAL EQUIPMENT (Computer, Lap Tops, Notebooks, ipads)

The University of Texas at El Paso. Information Security Office Minimum Security Standards for Systems

If we provide the device, it is managed through Citrix XenMobile Enterprise. If you want access to our internal sites, then you have to be managed

FERPA & Student Data Communication Systems

DoD Wireless Smartphone Security Requirements Matrix Version January 2011

I. PURPOSE III. PROCEDURE

POLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND. October Table of Contents

Mobile configuration guide for NHSmail

BHIG - Mobile Devices Policy Version 1.0

2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY

Participant Agreement. Updated December 1, 2016 and approved by the OK-First Advisory Committee

Cell and PDAs Policy

Date Approved: Board of Directors on 7 July 2016

Access to University Data Policy

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) ITS Responsible Use of Telephone, Telecommunications, and Networking Resources ISUPP 2280

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory

Bring Your Own Device Policy

Personal Communication Devices and Voic Procedure

TELEPHONE AND MOBILE USE POLICY

Donor Credit Card Security Policy

UTAH VALLEY UNIVERSITY Policies and Procedures

Department of Public Health O F S A N F R A N C I S C O

Subj: CNIC IRIDIUM SATELLITE PHONE POLICIES AND PROCEDURES

Bring Your Own Device (BYOD) Policy

Williamsburg Multiple Listing Service, Inc. SENTRILOCK SERVICE AGREEMENT

Information Security Policy for Associates and Contractors

CELLULAR TELEPHONE USE POLICY

University of Wyoming Mobile Communication Device Policy Effective January 1, 2013

WELLSBORO AREA SCHOOL DISTRICT

CELLULAR TELEPHONE EQUIPMENT AND SERVICES POLICY

Terms and Conditions between Easy Time Clock, Inc. And Easy Time Clock Client

FAQS Guide for Cellular and Other Mobile Computing Devices Employees and Supervisors

PCI Compliance Updates

CELLULAR TELEPHONE USE POLICY

ICT Security Policy. ~ 1 od 21 ~

University of Alabama at Birmingham MINIMUM SECURITY FOR COMPUTING DEVICES RULE July 2017

SAC PA Security Frameworks - FISMA and NIST

ANZ Mobile Pay Terms and Conditions and Licence Agreement for Android Devices

Electronic Network Acceptable Use Policy

Virginia Commonwealth University School of Medicine Information Security Standard

INFORMATION RESOURCE SECURITY CONFIGURATION AND MANAGEMENT

Xperia TM. Read about how Xperia TM devices can be administered in a corporate IT environment

a. UTRGV owned, leased or managed computers that fall within the regular UTRGV Computer Security Standard

PS Mailing Services Ltd Data Protection Policy May 2018

Bring Your Own Device Policy

Sunstar Americas, Inc.

Physical Safeguards Policy July 19, 2016

Use of Mobile Devices on Voice and Data Networks Policy

SPRING-FORD AREA SCHOOL DISTRICT

Mobile Wallet Service Terms and Conditions

Brazosport Independent School District Employee/Agent Acceptable Use Agreement For Internet/Network Access and Use

PENN MANOR SCHOOL DISTRICT

GENERAL ORDER PORT WASHINGTON POLICE DEPARTMENT

Subject: University Information Technology Resource Security Policy: OUTDATED

Notice to our customers regarding Toll Fraud

Rev.1 Solution Brief

Procedure: Bring your own device

State of Colorado Cyber Security Policies

SECURITY & PRIVACY DOCUMENTATION

Department of Public Health O F S A N F R A N C I S C O

Cell Phones PROCEDURE. Procedure Section: Business and Administrative Matters - Purchasing 607-A. Respectfully submitted by:

PCA Staff guide: Information Security Code of Practice (ISCoP)

Transcription:

DEPARTMENT OF THE NAVY UNITED STATES NAVAL ACADEMY 121 BLAKE ROAD ANNAPOLIS MARYLAND 21402-1300 USNAINST 851 0.02A 28/ITSD USNA INSTRUCTION 851 0.02A From: Superintendent, U.S. Naval Academy Subj: GOVERNMENT-ISSUED COMMERCIAL MOBILE DEVICE Ref: (a) USNAINST 8510.01, Cybersecurity Risk Management (b) USNAINST 7320.10, USNA Management ofpersonal Property (c) OPNAVINST 2 100.2A, Navy Policy and Procedures on the Issuance, Use, and Management of Government-Owned Cellular Phones, Personal Digital Assistants, and Calling Cards Encl: (1) Mobile Device Use Agreement 1. Purpose. Per reference (a), this instruction establishes U.S. Naval Academy (USNA) policy for configuring and using a government-purchased Commercial Mobile Device (CMD). 2. Cancellation. USNAINST 8510.02 dated 26 Apr 2016. 3. Scope and Applicability. This instruction applies to government-purchased smartphones and tablet computers that are issued into the custody of certain USNA staff members. This instruction does not apply to laptop computers. 4. Background. CMDs are issued to facilitate email, text, voice, and video communications supporting timely, responsive, and efficient duty perfmmance for a small number ofusna staff employees in unique positions. They are not issued for recreation or personal social media purposes. The small size and mobility inherent in CMDs present a unique risk to information security and highly portable devices such as smartphones and tablets that can easily be misplaced, forgotten, or stolen, present an even greater risk. Proper device configuration and safe operational behavior provide defense against these risks. CMDs purchased by USNA for issue are not configured to use Public Key Infrastructure (PKI) and therefore have additional use restrictions. 5. Policy. Requirements and guidelines to properly configure and use CMDs are specified in the fo llowing areas: general policies and operational behavior; email, messaging, and web browsing; applications; connections; multimedia; and enterprise configuration management.

a. General Policies and Operational Behavior (1) CMDs shall be reset to factory default settings before re-configuring it for issue to a new user. (2) CMD may only be issued to a specific USNA employee for their individual use only, and may not be loaned to another individual. An exception may be authorized by the Information Technology (IT) Services Division (ITSD) Deputy for Information Technology/Chief Information Officer for a mobile device configured with an authorized group account (e.g., Naval Academy Duty Officer). (3) Before the first use of a CMD, an employee must complete the prescribed CMD training and digitally sign a Mobile Device User Agreement. CMD users must subsequently complete the prescribed annual training on using the device and security. (4}The USNA Acceptable Use Policy for USNA IT Resources and the Navy User Agreement apply to using a CMD. (5) Except in an emergency, a CMD shall not be used while driving unless used in a hands-free manner where such use is not prohibited by DoD or state law. (6) Users shall not transmit or receive classified information by any means when using a CMD (e.g., email, text, voice, or image) or process or store classified information on a CMD. CMDs are not permitted in any location where classified documents or information are stored, transmitted, or processed. (7) Physical control shall be maintained at all times. CMDs shall not be left unlocked or unattended in public places. Personnel shall be cognizant of the physical environment if a CMD is used to discuss sensitive information. (8) Location services shall be turned off when not in use. (9) Users shall not attempt to circumvent security ("hack," "jailbreak," or "root"). (10) A CMD user must notify ITSD prior to relocating the CMDs outside the United States and obtain prior approval to use international cellular service. A user will be held responsible for international roaming charges if charges were not authorized in advance. WiFi will be disabled on CMDs that are relocated outside of the United States. The CMD user must contact ITSD upon returning to the United States to have the CMD wiped and reconfigured. (11) A CMD user has stewardship responsibility for prudent voice and data usage. A CMD should not be used for voice communication when a landline is available (e.g., in the user's office), nor should the CMD be used to access internet services when a government computer 2

can be used. Except when actively in use, the CMD should remain off in areas subject to roaming charges. ( 12) Voice and text messaging used for a non-official purpose is permitted only if the use occurs on breaks, lunch periods, or non-duty hours; does not adversely affect the employee's performance or accomplishing the USNA mission; does not reflect adversely on USNA, DON, DoD, or the U.S. Government; and does not incur additional cost to the U.S. Government. b. Applications. The following policy pertains to application installation, use, and removal: (1) The USNA Configuration Control Board (CCB) shall conduct a risk assessment and approve all applications and application updates, including over-the-air updates, prior to installing the work profile. (2) When available, firewall and antivirus solutions shall be installed and kept up-to-date on CMDs. Users shall not attempt to disable or otherwise change firewall and antivirus configuration settings. c. Email, messaging, and web browsing: ( 1) The enterprise email service accessed from the enterprise-managed profile shall be used for all work related email communication. A personal email account accessible from a personal profile shall never be used for work related email communication. (2) Email sent from a CMD shall not disclose that the email originated from a mobile device (e.g., "Sent From My Smartphone"). d. Connections (1) Cellular. CMDs shall only connect to the USNA-approved cellular carrier. Users shall not attempt to "unlock" or otherwise modify a device to change carriers. (2) WiFi. A WiFi capable CMD: (a) Is never permitted to connect to: 1. A classified wireless network (e.g., Non-Secure Internet Protocol Router Network and Secret Internet Protocol Router Network)..f.. A WiFi network outside of the United States. (b) Is permitted to connect to: only. 1. The unclassified wireless USNA mission network for non-privileged access 3

.f.. A home wireless network ONLY if an enterprise-managed "work profile" is configured on the device. d A public WiFi network. ~- A hotel WiFi network. (c) Must not broadcast WiFi as an access point (i.e., function as a router for a wireless network). WiFi shall be disabled when not in use. network. (d) Must be configured, as possible, to prompt users before connecting to a wireless (3) Bluetooth. Bluetooth use is prohibited except when a CMD is connected for handsfree voice communication. At all other times Bluetooth shall be disabled. ( 4) USB and storage. USB connections are prohibited. A CMD shall not be used as a removable storage device, and a removable storage device (e.g., USB flash drive, external hard drive, Secure Digital (SD) flash card) may not be connected to a CMD. e. Multimedia. CMDs are issued to facilitate work-related email, text, and voice communications. The following policies pertain to using and storing multimedia (audio, video, pictures, and streamed content) on CMDs: (1) Using removable media such as SD cards is not permitted. (2) Screen capture shall not be used. f. Entemrise Management. CMDs will be managed on a USNA enterprise basis as a separate collection of devices with security policies that differ from personally owned portable electronic devices: (1) The most recent version of the CMD Operating System (OS) shall be present on the device. (2) CMD security configurations shall not be changed by the user. (3) The most recent version of a Device Policy Application, if available, shall be installed and functioning. The following minimum set of settings shall be enforced if supported by the CMDOS: system. (a) The device must be registered with the USNA enterprise CMD management 4

(b) Data on the CMD is encrypted. (c) Application auditing is enabled. (d) Remote wipe by user is enabled. (e) CMD sync to the USNA domain is enabled. (f) A PIN, password, or passcode of at least eight characters must be set. (g) The screen will lock after no more than five minutes of inactivity. (h) Data on the CMD will be wiped after 10 unsuccessful password attempts. (i) Data on the CMD will be wiped automatically after 35 days of inactivity. G) CMDs will be blocked upon detecting installation of a superuser binary. 6. Records Management. Records created as a result of this instruction, regardless of media and format, must be managed per SECNA V Manual 5210.1 of January 2012. 7. Review and Effective Date. Per OPNA VINST 5215.17 A, ITSD will review this instruction annually on the anniversary of its effective date to ensure applicability, currency, and consistency with Federal, DoD, SECNAV, and Navy policy and statutory authority using OPNA V 5215/40 Review of Instruction. This instruction will automatically expire 5 years after effective date unless reissued or canceled prior to the 5-year anniversary date, or an extension has been granted. Releasability and Distribution: Non Mids (electronically) 5

GOVERNMENT-ISSUED COMMERCIAL MOBILE DEVICE USE AGREEMENT A Government-issued Commercial Mobile Device (CMD) is issued to facilitate email, text, voice, and communications for official business associated with assigned duties. 1. CMDs are for unclassified use only, will not be taken into an area where classified information is processed, and will not be connected to a classified network or information system. Classified or sensitive information shall not be discussed on a CMD. 2. I will act as a responsible steward of voice and data charges. Charges associated with unauthorized use will be paid by the user. 3. I will immediately notify my supervisor and the USNA Information System Security Manager (ISSM) if a CMD or calling card is lost, stolen, or damaged. I will reimburse the government to replace a CMD that is lost due to my negligence. 4. I will immediately notify my supervisor and the USNA ISSM if a data spill occurs. 5. I will keep location services and the Bluetooth and WiFi radios off at all times except when required for use. 6. I will not take a CMD overseas unless granted prior approval by ITSD. 7. I understand that in addition to administrative and disciplinary action, improper use may result in a revocation of my device or calling card use. 8. I have read, understand, and will comply with the Government-Issued Commercial Mobile Device Policy, the USNA Acceptable Use Policy for Information Technology Resources, and the Navy User Agreement and Notice and Consent Provisions. 9. Signing this agreement documents your consent to the provisions above, that you acknowledge the device is for authorized use only, and that you acknowledge receipt and assume custodial responsibility for the following items: Make and Model: Serial Number: Service Provider: Digital Signature: Enclosure (1)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback