Overview:

• As part of the Student Services Identity & Security Initiatives, an investigation was requested to determine if password protection is necessary and feasible on PDA and BlackBerry devices.
• The target audience for this recommendation is Student Services Technology & Assessment supported customers who utilize an SSTA supported PDA or BlackBerry device.

Mission:

• Investigate the University’s security policies and procedures as they relate to password protection of PDA or BlackBerry devices.
• Investigate necessity of password protection of PDA and BlackBerry devices.
• Investigate feasibility of password protection of PDA and BlackBerry devices.

Deliverable:

• Statement of University Security Guidelines as they relate to password protection of PDA and BlackBerry devices.
• SSTA PDA & BlackBerry Password Protection Recommendation

Approach:

• Query ITaP Exchange Administrators regarding forced server-side password enforcement.
• Investigate the University’s policies and data handling guidelines as they relate to PDA and BlackBerry devices.
• Test one or more current devices for password protection capability.

Discoveries:

• ITaP Exchange Administrators report they currently have no plans of forcing a password lock on BlackBerries University wide. A new version (4.1) of the server software will have the capability to assign policies by Group. In the future, it may be possible for Student Services to request this enforcement for supported devices. Implementation and management of Groups has not been tested and therefore this recommendation will not consider the ability to force password protection from the server software as an option.
• The University’s Authentication and Authorization Policy states that password protection should be used on mobile devices.
• Password protection is an option on all BlackBerry and PDA devices.
  

PDA & BlackBerry Password Protection
DELIVERABLE

Statement of University Security Guidelines as they relate to password protection of PDA and BlackBerry devices.

• The University’s Authentication and Authorization Policy defines an IT-Resource as:
• A computing asset provided by the University to further its mission of discovery, learning, and engagement. Examples of such assets include, but are not limited to, network bandwidth, computers, mobile devices, printers, and paper.
• This policy further states:
• Access to IT Resources should use password-protected screensavers whenever and wherever possible.

SSTA PDA & BlackBerry Password Protection Recommendation

• BlackBerry and PDA mobile devices should be protected with a password to comply with the University’s Authentication and Authorization Policy.
• Additionally, Student Services recommends that PDA and BlackBerry devices be password protected for safety and security due to the threat of:
• Identity Posing
• A lost or stolen BlackBerry may result in email being sent that would appear to be from the owner of the unit.
• Personal Safety
• A lost or stolen PDA or BlackBerry may result in Calendar items indicating the whereabouts of the owner being identified by disgruntled persons with resentment toward the owner of the unit.
• Instructions for setting the password security option on a BlackBerry can be found on SSTA-WT website’s FAQ page.

Additional Information
The following information does not specifically relate to password protection, but is presented as important information for Student Services BlackBerry and PDA users.

• The University’s Electronically Transmitted Information applies to PDAs and BlackBerries.
• The University’s Electronic Mail Policy states: