All items marked with a ! are mandatory to be considered compliant with the Minimum Standards governing the use of Category I data. With Android based devices, some third party applications will be required to implement all of the required functionality, as many security features are not present or not natively exposed in the operating system.
Step |
? |
To Do |
UT Note |
Cat I |
Cat II/III |
Min Std |
|
|
Security Settings |
|
|
|
|
|---|---|---|---|---|---|---|
1 |
|
Update firmware to the latest version |
! |
|
||
2 |
|
Require a passcode |
! |
|
||
3 |
|
Set auto-lock timeout |
! |
|
|
|
4 |
|
Erase data upon excessive passcode failures |
! |
|
|
|
|
|
Additional Security Protection |
|
|
|
|
5 |
|
Turn off Ask to Join Networks |
|
|
|
|
6 |
|
Turn off Bluetooth when not needed |
|
|
||
7 |
|
Forget Wi-Fi networks to prevent automatic rejoin |
|
|
|
|
8 |
|
Erase all data before return, repair, or recycle |
! |
|
|
|
9 |
|
Use a third party application to password protect applications with sensitive data |
|
|
||
10 |
|
Use a third party application to enable data encryption |
! |
|
||
11 |
|
Use a third party application to enable remote wipe functionality |
! |
|
|
UT Note: Addendum
This list provides specific tasks related to the computing environment at The University of Texas at Austin.
Please be aware that the exact process for activating security features will vary from device to device and between versions of the operating system. The instructions here are provided for reference only and will not be applicable to all handsets. It is recommended that users follow the instructions contained in the operating manual for their device where possible.
1 |
Not all devices will support or be upgradable to the most recent version. Check with your carrier and handset manufacturer for available upgrades. |
2 |
1. Press Menu. |
3 |
This section intentionally left blank. |
4 |
Some of the third party applications mentioned for item 11 in the checklist can also provide this functionality. The device should not exceed 20 invalid unlock attempts before erasing. |
5 |
1. Press Menu. |
6 |
1. Press Menu. |
7 |
Trusted but unauthenticated Wi-Fi networks may be spoofed and then automatically joined. If a previously joined network has a common SSID, such as “default” or “linksys”, it is very probable that a device will encounter another Wi-Fi network with the same name and automatically join it. |
8 |
The factory reset option provided in Android, does erase all data, but not securely - the data can be recovered by anyone with physical access to the device. There is no native way to securely delete all user data. Some third party applications available in the Android Marketplace can provide this functionality. |
9 |
Some options for this include App Lock, App Protector Pro, and Protector. These applications allow for a separate password to be required to launch specific applications. This may be useful to secure applications that store sensitive data so they cannot be accessed even if the device is found unlocked. |
10 |
Some options are Touchdown, Good for Enterprise, and Trust Digital. There is a noticeable lack of non-enterprise level solutions for this. Touchdown does not require an additional server component (unlike Good and Trust Digital), but will only encrypt data it synchronizes with the Exchange server. |
11 |
Some options include Norton Mobile Security, Wave Secure, Lookout, Security Shield, and Theft Aware. The exact feature set of each application varies; some do much more than provide remote wipe functionality. At a minimum, users should look for the ability to lock the device remotely, wipe the device remotely, and wipe the device after too many failed unlock attempts when evaluating products for this requirement. |
