Back

Establish, implement, and maintain a mobile device management policy.


CONTROL ID
15214
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a mobile device management program., CC ID: 15212

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • A mobile device management policy is developed and implemented. (Security Control: 1533; Revision: 2, Australian Government Information Security Manual, March 2021)
  • A mobile device management policy is developed, implemented and maintained. (Control: ISM-1533; Revision: 3, Australian Government Information Security Manual, June 2023)
  • A Mobile Device Management solution is used to ensure mobile device management policy is applied to all mobile devices. (Control: ISM-1195; Revision: 1, Australian Government Information Security Manual, June 2023)
  • A mobile device management policy is developed, implemented and maintained. (Control: ISM-1533; Revision: 3, Australian Government Information Security Manual, September 2023)
  • Mobile Device Management solutions that have completed a Common Criteria evaluation against the Protection Profile for Mobile Device Management, version 4.0 or later, are used to enforce mobile device management policy. (Control: ISM-1195; Revision: 2, Australian Government Information Security Manual, September 2023)
  • Mobile devices that access OFFICIAL: Sensitive or PROTECTED systems or data use mobile platforms that have completed a Common Criteria evaluation against the Protection Profile for Mobile Device Fundamentals, version 3.2 or later, and are operated in accordance with the latest version of their assoc… (Control: ISM-1867; Revision: 0, Australian Government Information Security Manual, September 2023)
  • Policies for carrying along and using mobile IT devices and mobile data storage devices (e.g. registration before they are carried along, identification obligations) are defined and implemented. (3.1.1 Requirements (should) Bullet 3, Information Security Assessment, Version 5.1)
  • Access protection (e.g. PIN, password), (3.1.4 Requirements (must) Bullet 1 Sub-Bullet 2, Information Security Assessment, Version 5.1)
  • Marking (also considering requirements for use in the presence of customers). (3.1.4 Requirements (must) Bullet 1 Sub-Bullet 3, Information Security Assessment, Version 5.1)
  • MDM with centralized administration configured and implemented to perform at least the following controls: (§ 5.13.2 ¶ 3 2., Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • Have a MDM solution to provide the same security as identified in items 1 – 5 above. (§ 5.13.1.4 ¶ 3 1., Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • Employ personal firewalls on full-featured operating system devices or run a Mobile Device Management (MDM) system that facilitates the ability to provide firewall services from the agency level. (§ 5.13.3 ¶ 1 6., Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)