New Mexico Administrative Code
Title 1 - GENERAL GOVERNMENT ADMINISTRATION
Chapter 12 - INFORMATION TECHNOLOGY
Part 20 - INFORMATION SECURITY OPERATION MANAGEMENT
Section 1.12.20.27 - PORTABLE DEVICES AND REMOVABLE MEDIA

Universal Citation: 1 NM Admin Code 1.12.20.27

Current through Register Vol. 35, No. 18, September 24, 2024

A. All state owned portable computing resources and removable media shall be secured to prevent compromise of confidentiality or integrity of information. All portable computing devices and removable media must be protected by a password.

B. No portable and removable media computing devices may store or transmit sensitive information without suitable protective measures approved by the agency CIO.

C. An agency user of portable computing devices such as notebooks, PDAs, laptops, and mobile phones, Smartphones, or any other such then current portable devices, shall obtain the approval from the agency CIO to use and such approval shall be based on satisfactory documentation that the requirements for physical protection, access controls, cryptographic techniques, back-ups, malware and malicious codes protection and the rules associated with connecting portable devices to networks and guidance on the use of these devices in public places have been met.

D. Agency users shall be instructed that when using portable computing devices or removable media in public places, meeting rooms and other unprotected areas outside of the agency's premises, they must use appropriate protection, such as using cryptographic techniques, firewalls, and updated virus protection shall be in place to avoid the unauthorized access to or disclosure of the agency information stored and processed by these devices.

E. Agency users shall be instructed that when such portable devices or removable media are used in public places care shall be taken to avoid the risk of unauthorized persons viewing on-screen sensitive or protected information.

F. Procedures protecting portable devices or removable media containing sensitive information against malicious software shall be developed, implemented, and be kept up-to-date.

G. Portable devices and removable media containing sensitive or protected information shall be attended at all times and shall be secured e.g. do not leave devices unattended in public places.

H. Agency shall provide training to all staff using portable devices and removable media to raise their awareness with respect to risks resulting from the use of portable devices and removable media and what controls are in place by the agency to protect state data and equipment.

I. Employees in the possession of portable devices and removable media shall not check such items in airline luggage systems or leave in unlocked vehicles. Such devices shall remain in the possession of the employee as carry-on luggage unless other arrangements are required by federal or state authorities.

J. In the event that a state-owned portable device or removable media is lost or stolen, it is the responsibility of the user of that device to immediately report the loss following procedures in 1.12.20.34 NMAC.

Disclaimer: These regulations may not be the most recent version. New Mexico may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.