CJSM Mobile Device Security Policy

This article covers the Mobile Device Security Policy (Mobile Phones and Tablets) for accessing CJSM.

10 March 2017  CJSM


Policy details

Mobile devices may now be used to access CJSM. However, BEFORE using mobile devices, the organisation must do two things:

  1. Sign and return the relevant Mobile Device Security Policy to the CJSM Helpdesk (cjsm.helpdesk@egress.com)
  2. EVERY user within their organisation must sign up to the Mobile Device Security Policy before being allowed to use the mobile device with CJSM. The organisation must hold these signed Mobile Device Security Policies and produce them to the Ministry of Justice or their representative upon request.

There are two versions of the full Mobile Device Security Policy:

  • Mobile Device with a Mobile Device Management (MDM) system installed
  • Mobile Device without an MDM system

Please see below for details:

Mobile Device Security Policy

 (With Mobile Device Management)

All organisations including sole practitioners with staff, and single users who wish to use mobile devices to access CJSM must read and acknowledge their understanding and agreement to the following:

  1. All organisations should ensure that all CJSM connections are routed over a secure enterprise VPN to provide protection of the traffic as it transits the connection.
  2. All mobile devices MUST be password protected. All organisations SHOULD ensure that Users use a strong (minimum) 9 character password made up of alphanumeric characters.
  3. All organisations MUST ensure that full encryption is enabled on all mobile devices.
  4. All organisations MUST ensure that the mobile device (For Android and Apple iOS) is configured to disable installation of third-party Apps.
  5. All organisations MUST configure their mobile devices to implement the ‘auto lock’ screen feature.
  6. All organisations MUST ensure that users setup the Auto Erase data feature on their Mobile devices to help to protect their data if the phone is lost.
  7. All organisations MUST ensure that secure configuration is used to lock down permissions given to Apps.
  8. All organisations SHOULD ensure that the USB interface is disabled.
  9. All organisations MUST ensure that they employ best practice anti-virus solutions.
  10. All organisations MUST configure the devices to only use email accounts provisioned via MDM to access CJSM environment.
  11. All organisations MUST provide the users with procedural controls (e.g. Acceptable Use policy (AUP)) to inform the user that Bluetooth should not be enabled on their mobile devices, and users MUST not connect to untrusted WiFi connections (e.g. Starbucks, Airport Wi-Fi).
  12. All organisations MUST ensure that all software and security updates are applied.
  13. All organisations MUST ensure that they enable the security features on the device.
  14. All organisations MUST ensure that they disable the ‘Auto Backup’ feature.
  15. All organisations MUST implement MDM solutions that enable the detection of modification of configuration settings on the Mobile Devices.
  16. All organisations MUST provide the users with procedural controls, to inform the user that mobile devices must not be altered.
  17. All organisations MUST ensure that mail settings used to connect to CJSM are configured to support SSL or TLS encryption.
  18. I note that the MoJ reserves the right to audit my access to CJSM.
  19. I understand that the MoJ reserves the right to terminate my connection to CJSM in the event that the above mentioned audit activity reveals significant shortfalls in good security practice.

 

Mobile Device Security Policy

(Without Mobile Device Management)

All organisations including sole practitioners with staff, and single users who wish to use mobile devices to access CJSM must read and acknowledge their understanding and agreement to the following:

  1. All mobile devices MUST be password protected. Users SHOULD use a strong (minimum) 9 character password made up of alphanumeric characters, i.e. passwords must be a mix of upper and lower case alphabetic characters plus numeric and/or special characters.
  2. All mobile devices MUST implement the ‘auto lock’ screen feature when left idle.
  3. All users MUST setup the Auto Erase data feature on their Mobile devices to protect data if the device is lost.  
  4. All users MUST ensure that full encryption is enabled on mobile devices.
  5. Users who want to use a mail app functionality to access CJSM mail on their mobile devices MUST ONLY use the built-in ‘Mail’ app available on the Mobile device.
  6. All users MUST ensure that they do not install applications where there is no legitimate business need.
  7. All users SHOULD employ best practice anti-virus solutions.
  8. All users SHOULD ensure that Bluetooth is not enabled on their mobile devices, and users MUST not connect to untrusted WiFi connections (e.g. Starbucks, Airport Wi-Fi).
  9. Users MUST ensure that all software and security updates are applied.
  10. Users MUST enable the security features on the device which provide the ability to remotely lock, wipe and locate their mobile devices – Android (‘Find My Mobile’), Windows 8 (‘Find My Phone’) and iPhone (‘Find My iPhone’).
  11. All users MUST ensure that they disable the ‘Auto Backup’ feature.
  12. All Mobile Devices used to access CJSM MUST not be altered or adapted in any way.
  13. All users SHOULD ensure that external memory devices (e.g. SD cards) are not used with devices used to access CJSM.
  14. All users MUST ensure that mail settings used to connect to CJSM are configured to support SSL or TLS encryption to provide protection of email messages to/from the CJSM mail services.
  15. I note that the MoJ reserves the right to audit my access to CJSM and my compliance with this policy.
  16. I understand that the MoJ reserves the right to terminate my connection to CJSM in the event that the above mentioned is not adhered to.

For any queries, please contact the CTS helpdesk.
