Requirement:
The cybersecurity requirements for mobile device and BYOD security must be implemented.
Control Implementation Guidelines:
- All cybersecurity requirements related to the security of mobile devices and BYOD for the organization must be implemented, which may include the following:
- Ensure that the organization's data and information stored on mobile devices and BYOD is isolated, segregated, and encrypted, separate from the rest of the information and data on the device
- Ensure that use is specified and restricted to the requirements of the organization
- Provide use of workstations and mobile devices with privileged access following the principle of least privilege
- Ensure that the storage media of critical and sensitive workstations and mobile devices are encrypted and have privileged access
- Ensure that data and information of the organization stored on mobile devices and BYOD is deleted when devices are lost or after the end/termination of the functional relationship with the organization
- Ensure the activation of Remote Wipe on all mobile devices that store or process the organization's classified information
- Implement the organization's Group Policy and apply it to all workstations and mobile devices to ensure compliance with regulatory and security controls
- Provide security awareness to users
- Centrally manage workstations and mobile devices through, but not limited to, the Active Directory server or through a centralized management system
- Implement secure configuration and hardening controls on workstations and mobile devices in accordance with cybersecurity standard controls
- Establish procedures to ensure the implementation of cybersecurity requirements adopted for the organization's mobile devices and personal devices (BYOD) management in accordance with the relevant laws and regulations
Expected Deliverables:
- An action plan to implement the cybersecurity requirements for mobile devices and personal devices (BYOD) security management
- Sample showing the implementation of mobile devices and BYOD security controls at the organization, including but not limited to:
- Sample showing the organization's use of advanced technologies for mobile devices and personal devices (BYOD) security (e.g., the existence of advanced technologies necessary to separate and encrypt the organization's data and information stored on mobile devices and BYOD)
- Sample showing the central management of workstations and mobile devices, including but not limited to a screenshot from the Active Directory server in addition to configuration
- Defined and approved procedures for handling mobile devices and personal devices (BYOD) at the organization