NIH encourages and supports the use of laptops and mobile devices such as smartphones and tablets, both government furnished and personally owned. These devices have become indispensable tools for today's highly mobile workforce as they can be used for many essential business functions such as sending and receiving email, storing documents, delivering presentations, accessing the Internet, and remotely accessing data. While these devices provide productivity benefits, they also pose new security risks to the NIH when used to access NIH resources. Because of their small size and use outside the office, some mobile devices may be easier to misplace or steal than a laptop or notebook computer. If they do fall into the wrong hands, gaining access to the information they store or access remotely can be relatively easy if the proper precautions are not taken.

As with any computer platform, there are certain basic security requirements that must be in place to address the associated risks. To ensure that we are providing an adequate level of security for mobile devices, pre-emptive and reactive minimal controls are necessary to guard against the threat of physical loss of the device or the loss of logical integrity. Asset provisioning, inventory, basic configuration management, the ability to monitor the health and integrity of these devices, along with the ability to quickly and effectively respond to security incidents must all be in place to implement a successful mobile device security program at NIH.

Lost or stolen NIH equipment and/or NIH data containing Personally Identifiable Information (PII), Protected Health Information (PHI) or Sensitive Information (SI) must be reported to NCI at Frederick Protective Services (301-846-1091) and the NIH IT Help Desk (Toll Free 866-319-4357) within one hour of discovery. The NIH Mobile Device Management (MDM) Service is the suite of applications used to secure mobile devices that connect to or synchronize with the NIH network (NIHnet) or NIH internal resources. An enterprise wipe command may be issued to a government furnished device or to the MDM application on personally owned devices. The MDM Service provides security by implementing the controls that guard against the threat of physical loss of the device or the loss of logical integrity of government furnished and personally owned mobile devices.

NIH policies and guidelines as well as NCI at Frederick policies hold you responsible for your government-owned portable/mobile computing device and its data.

* Examples of Portable/Mobile Computing Devices (e.g., Laptop, Desktop, iPhone, iPad, Camera, BlackBerry)

Media (e.g., Hard Drive, USB/Thumb Drive, Secure Digital Media Card, CD-ROM, DVD)

For more information see: