Setting passcodes on mobile devices is the most basic security requirement for any mobile device to be allowed into a work environment. Passcodes require the user to enter a passphrase to unlock the device. Devices can also be configured to lock automatically after a configurable timeout period. (Typically, five minutes is ideal.)
From a compliance perspective, take a look at the passcode policies that you may want to enforce on devices:
The device needs a passcode configured.
The passcode needs to be of a certain strength, incorporating at least one digit or complex character.
The passcode needs to expire after a certain time period.
The device should lock after a certain time period of inactivity.
Some sort of action should be taken if the threshold for failed attempts to enter the right password (such as ten consecutive bad passcodes entered) is reached.
For different organizations, the exact passcode requirements will vary. For many, it might suffice to simply require a passcode on each mobile device in the corporate network. For others, it might be necessary to enforce additional restrictions, such as the passcode strength and expiry time period. What you specify for your organization’s passcode requirements largely depends on your tolerance for risk and adherence to other corporate policies or restrictions.
At this time, you also need to decide whether to enforce the same set of passcode policies on both personal devices and corporate-owned devices. You have the liberty to define different compliance policies for corporate-owned and personal devices and establish different passcode policies for the two categories of devices.
| Personal Devices | Corporate-Owned Devices |
|---|---|
| Android devices running version 2.1 or later | BlackBerry (all models) |
| Symbian 3 devices | |
| iPhone 3GS, iPhone 4, and iPad running iOS 4.0 or later | |
| No jailbroken or rooted devices |
| Personal Devices | Corporate-Owned Devices |
|---|---|
| Need a passcode | Need a passcode |
| Passcode strength (for example, it should be at least 8 characters long and must include at least one digit) | Passcode strength (for example, it should be at least 8 characters long, and must include at least one digit) |
| Passcode expiry | Passcode expiry |
| Time before autolock | Time before autolock |
| Action taken upon 10 unsuccessful attempts | Action taken upon 10 unsuccessful attempts |
dummies
Source:http://www.dummies.com/how-to/content/passcode-setting-on-enterprise-mobile-devices.html
No comments:
Post a Comment