13.6: Encrypt Mobile Device Data
Utilize approved cryptographic mechanisms to protect enterprise data stored on all mobile devices.
Asset Type | Security Function | Implementation Groups |
---|---|---|
Data | Protect | 1, 2, 3 |
Dependencies
Sub-control 1.4: Maintain Detailed Asset Inventory
Sub-control 1.5: Maintain Asset Inventory Information
Sub-control 2.1: Maintain an Inventory of Authorized Software
Sub-control 5.1: Establish Secure Configurations
Inputs
1. The list of approved mobile devices (derived from endpoint inventory; sub-control 1.4)
2. The list of approved mobile device encryption software (ideally derived from authorized software list; sub-control 2.1)
3. For each software in Input 2, the approved software configuration policy.
Operations
1. For each mobile device in Input 1, determine if any of the approved encryption software from Input 2 is installed.
2. For each mobile device with installed approved encryption software, collect the software configuration information and compare it to the approved configuration policy (Input 3).
Measures
M1 = List of approved mobile devices
M2 = Count of M1
M3 = List of approved mobile devices with approved encryption software installed
M4 = Count of M3
M5 = List of approved mobile devices without approved encryption software installed
M6 = Count of M5
M7 = List of appropriately configured mobile devices
M8 = Count of M7
M9 = List of inappropriately configured mobile devices
M10 = Count of M9
Metrics
Installed Software Coverage
Metric | What percentage of approved mobile devices are equipped with approved encryption software? |
Calculation | |
Appropriately Configured Devices
Metric | What percentage of approved mobile devices equipped with approved encryption software meet or exceed the approved configuration policy? |
Calculation | |
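The following added example (not part of the original specification) runs the two operations over a constructed inventory and derives M1 through M10 plus both metrics. Device names, product names and policy keys are hypothetical; the ratios M4/M2 and M8/M4 are this example's reading of the two metric questions, and it assumes every approved product found on a device must satisfy its policy.

```python
# Added example on constructed data; all names and settings are hypothetical.

APPROVED_SOFTWARE = {"VendorCrypt", "NativeFDE"}          # Input 2 (constructed)
POLICY = {                                                # Input 3 (constructed)
    "VendorCrypt": {"enabled": True, "key_bits": 256},
    "NativeFDE": {"enabled": True, "key_bits": 128},
}
DEVICES = {                                               # Input 1 (constructed)
    "phone-01": {"NativeFDE": {"enabled": True, "key_bits": 256}},
    "phone-02": {"VendorCrypt": {"enabled": True, "key_bits": 128}},
    "tablet-01": {"VendorCrypt": {"enabled": False, "key_bits": 256}},
    "tablet-02": {"NotesApp": {}},
    "laptop-01": {},
}


def meets_policy(config, policy):
    """True when every policy setting is met or exceeded by the device config."""
    for key, required in policy.items():
        actual = config.get(key)          # a missing setting fails the check
        if isinstance(required, bool):
            if actual is not required:
                return False
        elif not isinstance(actual, int) or actual < required:
            return False
    return True


def percent(numerator, denominator):
    """Percentage rounded to one decimal, or None when the denominator is 0."""
    return None if denominator == 0 else round(100.0 * numerator / denominator, 1)


def assess(devices, approved, policy):
    """Return measures M1..M10 and the two metrics for an inventory."""
    m1 = sorted(devices)
    m3, m7 = [], []
    for name in m1:
        found = {sw: cfg for sw, cfg in devices[name].items() if sw in approved}
        if not found:
            continue                      # Operation 1: nothing approved installed
        m3.append(name)
        # Operation 2 (assumption): all approved products found must comply.
        if all(meets_policy(cfg, policy[sw]) for sw, cfg in found.items()):
            m7.append(name)
    m5 = [d for d in m1 if d not in m3]
    m9 = [d for d in m3 if d not in m7]
    return {"M1": m1, "M2": len(m1), "M3": m3, "M4": len(m3), "M5": m5,
            "M6": len(m5), "M7": m7, "M8": len(m7), "M9": m9, "M10": len(m9),
            "installed_coverage_pct": percent(len(m3), len(m1)),
            "configured_pct": percent(len(m7), len(m3))}
```

Calling `assess(DEVICES, APPROVED_SOFTWARE, POLICY)` returns a dictionary keyed by measure name; both percentages are `None` when their denominator is zero, so an empty inventory does not raise.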