Specifications include, but are not limited to: The Vendor {Contractor} shall establish administrative, technical, and physical security controls required to effectively manage the risks introduced by mobile devices used for organizational business purposes. Mobile device security shall include, at a minimum, the following: Establishing requirements for authorization to use mobile devices for organizational business purposes; Establishing Bring Your Own Device (BYOD) processes and restrictions; Establishing physical and logical access controls; Implementing network access restrictions for mobile devices; Implementing mobile device management solutions to provide centralized management of mobile devices and to ensure technical security controls (e.g. encryption, authentication, remote-wipe, etc.) are implemented and updated as necessary; Establishing approved application stores from which applications can be acquired; Establishing lists approved applications that can be used; and Training of mobile device users regarding security and safety.
