Security of Mobile Devices - 171-0555-24

Description of Agency

Data security in a mobile device environment is critical to data protection. Mobile devices, including smartphones and tablet computers, have computing power equivalent to traditional personal computers but with the convenience of portability, and the devices enable users to access and store confidential and sensitive information on their mobile devices.

The Department of Technology, Management, and Budget (DTMB) Smart Devices Support Team (SDST) is responsible for DTMB’s administration of mobile devices, which includes the designing, implementing, and enforcing of device configurations. As of August 15, 2023, the mobile devices administered by SDST exceeded 25,000. These devices included smartphones and tablets. Approximately 98% of the managed devices are iOS/iPadOS devices with the remainder being Android devices.

SDST uses a Mobile Device Management (MDM) service to manage the State’s mobile devices. The MDM allows for configuration and compliance enforcement of mobile devices. The State’s MDM enforces the setting of certain restrictions on devices and ensures devices meet requirements to be considered compliant, allowing the user to then gain access to State resources.

In addition, SDST utilizes a Mobile Threat Defense application to circumvent network attacks, block traffic to malicious applications and websites, and assign a risk level to devices.

Audit Objectives

  1. To assess the sufficiency of DTMB’s efforts to administer the secure configuration of mobile devices.
  2. To assess the effectiveness of DTMB’s efforts to establish a governance structure over mobile device security.


Estimated Release Date: Mid 2024

← Back to all work in progress