Protect distributed assets against theft.


CONTROL ID: 06799
CONTROL TYPE: Physical and Environmental Protection
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain physical security controls for distributed assets. (CC ID: 00718)

This Control has the following implementation support Control(s):
  • Include Information Technology assets in the asset removal policy. (CC ID: 13162)
  • Establish, implement, and maintain asset removal procedures or asset decommissioning procedures. (CC ID: 04540)
  • Control the delivery of assets through physical entry points and physical exit points. (CC ID: 01441)
  • Control the removal of assets through physical entry points and physical exit points. (CC ID: 11681)
  • Maintain records of all system components entering and exiting the facility. (CC ID: 14304)
  • Establish, implement, and maintain on-site logical controls for all distributed assets. (CC ID: 11682)
  • Establish, implement, and maintain off-site logical controls for all distributed assets. (CC ID: 11683)
  • Establish, implement, and maintain on-site physical controls for all distributed assets. (CC ID: 04820)
  • Establish, implement, and maintain off-site physical controls for all distributed assets. (CC ID: 04539)
  • Establish, implement, and maintain missing asset reporting procedures. (CC ID: 06336)
  • Attach asset location technologies to distributed assets. (CC ID: 10626)
  • Monitor the location of distributed assets. (CC ID: 11684)
  • Remote lock any distributed assets reported lost or stolen. (CC ID: 14008)
  • Remote wipe any distributed asset reported lost or stolen. (CC ID: 12197)
  • Unpair missing Bluetooth devices. (CC ID: 12428)


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Controls over mobile computing are required to manage the risks of working in an unprotected environment. In protecting AIs’ information, AIs should establish control procedures covering: - an approval process for user requests for mobile computing; - authentication controls for remote access to n… (3.5.2, Hong Kong Monetary Authority: TM-G-1: General Principles for Technology Risk Management, V.1 – 24.06.03)
  • Secure portable computing devices and removable storage media when not in use. This can be done by keeping them under lock and key, attaching them to a fixture by a security cable, hand-carrying, and not leaving them unattended. (Annex A1: Portable Computing & Removable Storage Media Security 44, Singapore(PDPC) Guide to Securing Personal Data in Electronic Medium, Revised 20 January 2017)
  • never leaving devices or media unattended for any period of time, including by placing them in checked-in luggage or leaving them in hotel safes (Security Control: 1299; Revision: 2; Bullet 1, Australian Government Information Security Manual, March 2021)
  • never leaving mobile devices or removable media unattended for any period of time, including by placing them in checked-in luggage or leaving them in hotel safes (Control: ISM-1299; Revision: 3; Bullet 1, Australian Government Information Security Manual, June 2023)
  • Measures for protection from theft (e.g. in public surroundings), (2.1.4 Requirements (must) Bullet 1 Sub-Bullet 4, Information Security Assessment, Version 5.1)
  • support the capability to provision without reliance on components that may be outside of the device's security zone. (14.8.1 ¶ 1 b), IEC 62443-4-2: Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components, Edition 1.0)
  • Management selects and develops control activities that are designed and implemented to restrict technology access rights to authorized users commensurate with their job responsibilities and to protect the entity’s assets from external threats. (§ 3 Principle 11 Points of Focus: Establishes Relevant Security Management Process Control Activities, COSO Internal Control - Integrated Framework (2013))
  • Computing devices should be protected against loss and theft by providing users with physical cable locks, anti-theft alarms or equivalent security devices. (CF.14.01.06a, The Standard of Good Practice for Information Security)
  • Computing devices should be protected against loss and theft by removing any markings / labels that show the owner of the device (e.g., individual's name or organization's name). (CF.14.01.06c, The Standard of Good Practice for Information Security)
  • Computing devices should be protected against loss and theft by the use of indelible marking. (CF.14.01.06d, The Standard of Good Practice for Information Security)
  • Computing devices should be protected against loss and theft by issuing instructions on how to return the equipment in the event of loss or theft (e.g., indicating a 'finders fee' or reward for safe return). (CF.14.01.06e, The Standard of Good Practice for Information Security)
  • Computing devices should be protected against loss and theft by attaching tamperproof labels, with identification details (e.g., a unique asset number, bar code, or qr code). (CF.14.01.06b, The Standard of Good Practice for Information Security)
  • Computing devices should be protected against loss and theft by the use of indelible marking. (CF.14.01.03d, The Standard of Good Practice for Information Security, 2013)
  • Computing devices should be protected against loss and theft by issuing instructions on how to return the equipment in the event of loss or theft (e.g., indicating a 'finders fee' or reward for safe return). (CF.14.01.03e, The Standard of Good Practice for Information Security, 2013)
  • Computing devices should be protected against loss and theft by providing users with physical cable locks, anti-theft alarms or equivalent security devices. (CF.14.01.03a, The Standard of Good Practice for Information Security, 2013)
  • Computing devices should be protected against loss and theft by removing any markings / labels that show the owner of the device (e.g., individual's name or organization's name). (CF.14.01.03c, The Standard of Good Practice for Information Security, 2013)
  • Computing devices should be protected against loss and theft by attaching tamperproof labels, with identification details (e.g., a unique asset number, bar code, or qr code). (CF.14.01.07b, The Standard of Good Practice for Information Security, 2013)
  • Management selects and develops control activities that are designed and implemented to restrict technology access rights to authorized users commensurate with their job responsibilities and to protect the entity's assets from external threats. (CC5.2 ¶ 2 Bullet 3 Establishes Relevant Security Management Process Controls Activities, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • support the capability to provision without reliance on components that may be outside of the device's security zone. (14.8.1 ¶ 1 (b), Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
  • Management selects and develops control activities that are designed and implemented to restrict technology access rights to authorized users commensurate with their job responsibilities and to protect the entity's assets from external threats. (CC5.2 Establishes Relevant Security Management Process Controls Activities, Trust Services Criteria)
  • Management selects and develops control activities that are designed and implemented to restrict technology access rights to authorized users commensurate with their job responsibilities and to protect the entity's assets from external threats. (CC5.2 ¶ 2 Bullet 3 Establishes Relevant Security Management Process Controls Activities, Trust Services Criteria, (includes March 2020 updates))
  • protecting the Member's physical facility against unauthorized intrusion by imposing appropriate restrictions on access to the facility and protections against the theft of equipment; (Information Security Program Bullet 3 Deployment of Protective Measures Against the Identified Threats and Vulnerabilities ¶ 1 Sub-bullet 1, 9070 - NFA Compliance Rules 2-9, 2-36 and 2-49: Information Systems Security Programs)
  • Does the organization consider a physical asset loss or a physical asset theft an information security event? (§ J.1.3.9, Shared Assessments Standardized Information Gathering Questionnaire - J. Incident Event and Communications Management, 7.0)
  • An agency shall furnish users with a list of security measures they should implement to protect their handheld Bluetooth devices from theft. (§ 5.5.7.4 ¶ 4(1), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)