...
Tufts is a BYOD environment. It is our hope by piloting the Secure Pilot we will be able to provide those legally responsible for Tufts data a way to determine if a secure policy is right to be enforced at a universal level if connecting a device to the Tufts environment.
Summary of the Policy
- Enforces a password of minimum length 4 on a mobile device that mounts Exchange.
- Policy is not enforced if Box app is installed
- Password complexity is not a requirement, nor password age, or password reset frequency. These items are security deterrents but unnecessary to attain the Goals stated above.
- After 10 incorrect password entries, a wipe code is sent to the device. The user is warned of this.
- The Device is instructed to compare its local policy to the server every hour. Changes in the server policy will appear on the device within 1h:59minutes.
- The device policy does not allow "Unsigned Applications" (those not approved by the OS provider, or sanctioned App store
- The device policy does not otherwise restrict options on the device, in order to observe the BYOD environment at Tufts.
- The policy will not allow a device that cannot accept the policy (due to incompatibilities in OS) to connect to Exchange over ActiveSync
Known Issues
- Some OSes have non-PIN based passwords such as geometric passwords (Android) or picture passwords (Windows 8) This policy enforces a pin-type password.
- This policy only pertains to Activesync devices. Connecting to Exchange over IMAP or HTTP protocols is not impacted by this
Specifics of the policy (and other options available)
