7.4 Creating a Mobile Security Policy

7.4.1 Procedure

  1. On the Getting Started with Mobile Management page, navigate to the Mobile Security and Control section and click Create New Policies. Alternatively, from the left-hand navigation pane of ZCC, navigate to Policies > New > Policies.

  2. On the Select Platform page, select Mobile and then click Next.

  3. On the Select Policy Category page, select General Mobile Policies and then click Next.

  4. On the Select Policy Type page, select Mobile Security Policy and then click Next.

  5. On the Define Details page, specify a name for the policy, select the folder in which to place the policy, then click Next.

  6. On the Select Security Levels page, you can assign different security levels to corporate-owned devices and personally-owned devices. There are five security levels. Each security level provides pre-configured defaults for the password, encryption, and device inactivity settings. After the policy is created, you can edit the policy to customize individual settings, if needed.

    Select from the following security levels and click Next:

    • None: All settings are inherited from other Mobile Security policies applied to the device. If no other policies are applied to the device, the device’s default settings are used.

      The None security level is useful for creating exceptions for devices. For example, you might have a corporate Mobile Security policy that applies a Moderate security level to all devices. However, you have a few devices on which you want to enforce storage card encryption, which is not enforced by the Moderate security level. You create a policy with the None security level, edit the policy to turn on storage card encryption, and then assign the policy to the appropriate devices.

      The None security level is also useful for overriding a few default settings on devices. For example, you might want to retain all of the default settings of the device with the exception that you want to enable the Require Encryption setting. In this scenario, you need to create a policy with the None security level, edit the policy to turn on device encryption, and then assign the policy to the appropriate devices. The devices will retain all default settings except for the device encryption setting enforced through the policy.

    • Low: Enforces a password on the device. The password can be a simple password with a minimum of 4 characters.

    • Moderate: Enforces a password and inactivity lockout. The password must be an alphanumeric password with a minimum of 6 characters. A 30-day password expiration is enforced, and the last 5 passwords cannot be reused. After 5 minutes of inactivity, the device is locked; after 10 failed attempts to unlock the device, it is wiped.

    • Strict: Enforces a password, encryption, and inactivity lockout. The password must be a complex password with a minimum of 8 characters. A 30-day password expiration is enforced, and the last 7 passwords cannot be reused. The device and its storage card are encrypted. After 1 minute of inactivity, the device is locked; after 7 failed attempts to unlock the device, it is wiped.

    • High: Same as the Strict security level with higher restrictions for each complex password setting. The password must be a strong complex password with a minimum of 8 characters. A 30-day password expiration is enforced, and the last 10 passwords cannot be reused. The device and its storage card are encrypted. After 1 minute of inactivity, the device is locked; after 5 failed attempts to unlock the device, it is wiped.

  7. On the Summary page, the following options are available:

    • Create as Sandbox: Creates a Sandbox-only version of the policy. A Sandbox version of a policy enables you to test it on your device before actually deploying it.

    • Define Additional Properties: Enables you to edit the default security settings configured in the policy. For more information, see Editing Mobile Security Policy Settings.

    Click Finish to complete the policy.
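
The following added example (not ZENworks code) models the security levels from step 6 as data and works through the None-level exception scenario described there: a Moderate baseline plus a None-level policy edited to turn on storage card encryption. The setting names, policy names and device defaults are hypothetical; because this page does not say how conflicting policies are resolved, the sketch reports conflicts instead of choosing a winner.

```python
# Added example: values come from the level descriptions in step 6;
# the setting names (min_length, lock_minutes, ...) are hypothetical.
LEVELS = {
    "None": {},  # configures nothing; everything is inherited
    "Low": {"password": "simple", "min_length": 4},
    "Moderate": {"password": "alphanumeric", "min_length": 6,
                 "expiry_days": 30, "history": 5,
                 "lock_minutes": 5, "wipe_after_failures": 10},
    "Strict": {"password": "complex", "min_length": 8,
               "expiry_days": 30, "history": 7,
               "encrypt_device": True, "encrypt_storage_card": True,
               "lock_minutes": 1, "wipe_after_failures": 7},
    "High": {"password": "strong complex", "min_length": 8,
             "expiry_days": 30, "history": 10,
             "encrypt_device": True, "encrypt_storage_card": True,
             "lock_minutes": 1, "wipe_after_failures": 5},
}

def policy(level, **edits):
    """A policy: the level's pre-configured defaults plus edited settings."""
    return {**LEVELS[level], **edits}

def effective_settings(device_defaults, policies):
    """Resolve one device's settings from its defaults and assigned policies.

    A setting that no policy configures keeps the device default. When two
    policies set the same setting to different values, the first value is
    kept and the clash is reported as (setting, first_policy, second_policy).
    """
    effective, source, conflicts = dict(device_defaults), {}, []
    for name, settings in policies.items():
        for key, value in settings.items():
            if key in source and effective[key] != value:
                conflicts.append((key, source[key], name))
                continue
            effective[key] = value
            source.setdefault(key, name)
    return effective, conflicts

# Constructed sample data: device defaults and the two policies from step 6.
DEFAULTS = {"encrypt_device": False, "encrypt_storage_card": False}
ASSIGNED = {"Corporate baseline": policy("Moderate"),
            "Storage card exception": policy("None", encrypt_storage_card=True)}

if __name__ == "__main__":
    settings, clashes = effective_settings(DEFAULTS, ASSIGNED)
    print(settings, clashes)
```

Running the same function over an export of your real assignments is a quick way to spot devices where two policies disagree on a setting before deploying either one.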