ETS Policy No. 508.01: Secure Device Standards
Posted on Nov 22, 2017 in Policies
STATE OF HAWAII
Office of Enterprise Technology Services Policy No. 508.01
Secure Device Standards
Revision No./Date: December 1, 2017
Category | Minimum Standard | Comments |
---|---|---|
Operating systems | Operating systems must have mainstream support by the vendor | This is typically the current or immediately prior generation, i.e., “N-1” (e.g., Windows 8 and 10) |
Operating system and application updates | Enabled | When manual updates are required, reasonable effort should be made to stay current |
Device management platform compatibility | Microsoft Intune (if supported) | Mobile device management software with enabled remote location and erase services |
Device passwords | Desktop/Laptop: 10 characters; Mobile device: 6 characters. All passwords must be unique | |
Device biometric security | Acceptable (provided the overriding device password meets standard above) | Examples of biometrics include thumb print and facial recognition |
Screen lock | Manual and auto screen lock functionality enabled (users must manually lock device screen when intentionally leaving the device unattended, in addition to enabling auto screen lock timer). Desktop: Auto lock after 15 minutes. Laptop and mobile device: Auto lock after 5 minutes | Device shall require reentry of password or biometrics after specified time |
Full-Device/Disk encryption | AES 128-bit or higher (if supported) | Effective immediately for existing devices, if supported, and all NEW devices, without exception. Effective for all devices without exception beginning July 1, 2018 |
Device endpoint protection | Anti-Malware/Virus enabled and updating regularly (excluding Apple iOS) | |
“Jailbroken” or “rooted” devices | Prohibited | Jailbreaking or rooting refers to mechanisms that involve overriding manufacturer controls and permissions |