Personnel accessing systems or data using an organisation-owned mobile device or desktop computer are either prohibited from using it for personal purposes or have enforced separation of work data from any personal data.
Topic
Organisation-owned mobile devices and desktop computers
Applicable to
Official, Protected, Secret, Top Secret
History
Priority
Must
Sep 2023
Personnel accessing systems or data using an organisation-owned mobile device or desktop computer are either prohibited from using it for personal purposes or have enforced separation of work data from any personal data.
The existing control relating to the use of organisation-owned mobile devices was amended to include organisation-owned desktop computers, when used as part of working from home arrangements, and with organisations either prohibiting the use of such devices for personal purposes or having enforced separation of work data from any personal data.
Sep 2022
Personnel accessing systems or data using an organisation-owned mobile device use an ASD-approved platform, a security configuration in accordance with ACSC guidance, and have enforced separation of work and personal data.
The language for existing controls covering the use of privately-owned mobile devices and organisation-owned mobile devices was amended to ensure consistency, noting recommendations for securing their use have not changed.
Dec 2021
Personnel accessing systems or data using an organisation-owned mobile device use an ACSC-approved platform with a security configuration in accordance with ACSC guidance.
Miscellaneous changes were made to rationale and security controls throughout the publication. This included:
• A review from the Using the Information Security Manual chapter through to the Guidelines for Media chapter.
• Security controls suitable for all audiences have been identified with the ‘All’ applicability marking while additional security controls suitable for just government audiences have been identified with the O, P, S and TS applicability markings.
• Security controls suitable for specific classifications have been amended to include their classification(s) in the wording of the security controls to reduce the reliance on applicability markings to confer suitability.
• Tables in security controls have been converted into prose to allow for inclusion in the SSP annex template and the XML list of security controls.
• The use of ‘official’ and ‘highly classified’ terminology has been replaced with specific classifications to remove ambiguity.
• Security controls relating to high assurance ICT equipment have had their applicability narrowed to ‘S, TS’ reflecting that they are intended for the protection of SECRET and TOP SECRET systems and data.
Aug 2020
Personnel accessing official or classified systems or information using an organisation-owned mobile device use an ACSC approved platform with a security configuration in accordance with ACSC guidance.
Security control 1482 was amended to note that it relates to the access of an organisation’s systems or information.
Jul 2020
Personnel accessing official or classified information using an organisation-owned mobile device use an ACSC approved platform with a security configuration in accordance with ACSC guidance.
Oct 2019
Personnel accessing official or classified information using an organisation-owned mobile device use an ACSC approved platform with a security configuration in accordance with ACSC guidance.
Security control 1482 was modified slightly to adopt new terminology.
Sep 2019
Personnel accessing official or classified information using an organisation-owned mobile device use an ACSC approved platform with a security configuration in accordance with ACSC hardening guidance.
Aug 2019
Personnel accessing official or classified information using an organisation-owned mobile device use an ACSC approved platform with a security configuration in accordance with ACSC hardening guidance.
Security control 1481 was reviewed and merged into security control 1482.
Jul 2019
Personnel accessing classified information using an organisation-owned mobile device use an ACSC approved platform with a security configuration in accordance with ACSC hardening guidance.
Nov 2018
Personnel accessing classified information using an organisation-owned mobile device use an ACSC approved platform with a security configuration in accordance with ACSC hardening guidance.
Added to address a gap in guidance on organisation-owned mobile devices.