Approved Date – 02/22/2021
Published Date – 02/22/2021
Revised Date – 05/25/2021

1. Purpose

To establish policy for the roles, responsibilities, and standard practices concerning the effective and efficient management of mobile devices used to access the District of Columbia (DC) government network and conduct government business.

2. Authority

DC Official Code § 1-1401 et seq., provides the Office of the Chief Technology Officer (“OCTO”) with the authority to provide information technology (IT) services, write and enforce IT policies, and secure the network and IT systems for the District. This document can be found at: https://code.dccouncil.us/dc/council/code/sections/1-1402.html.

3. Applicability

This policy applies to all District workforce members responsible for application identity and role definition on behalf of the District, and/or any District agency/District/entity who receive enterprise services from OCTO. In addition, this policy applies to any providers and third-party entities with access to District information, networks, and applications.

4. Policy

Any DC Agency Director that allows DC workforce members to conduct government business and access the DC Government Network on a government-issued mobile device or a personal mobile device must enforce this policy. Any DC workforce member that conducts government business and accesses the DC Government Network on a government-issued mobile device or a personal mobile device must comply with the following directives in this policy.

4.1. Authorized Mobile Devices

DC workforce members may only use government-issued mobile devices or personal mobile devices for government business and/or to access the DC Government Network if a DC Agency Director or his/her designee authorizes such use.

4.2. Mobile Device Management Application

The DC workforce member must download, install, and use an OCTO-approved third-party mobile device management application on the mobile device immediately after receiving authorization to use the mobile device to conduct government business and/or to access the DC Government Network. DC workforce members must comply with Mayor's Order 2012-102, "Use of Private Email to Transact Public Business," and the " Electronic Mail Use Policy," when email systems and services provided by or owned by the DC government are accessed, downloaded, installed, or used on any government-issued or personal mobile device.

4.3. Roles and Responsibilities

4.3.1. Each Agency Director and their designee must:

4.3.1.1. Require all District of Columbia workforce members to download, install, and use an OCTO-approved third-party mobile device management application on the government-issued mobile devices upon receipt of the government-owned mobile device.

4.3.1.2. Inform all District of Columbia workforce members that the use of personal mobile devices for government business is permitted only if: (1) the use is authorized by the Agency Director or their designee and (2) the DC workforce member downloads, installs, and uses an OCTO-approved third-party mobile device management application on the personal mobile device.

4.3.1.3. Require all DC workforce members to receive approval to use personal mobile devices to conduct government business or access the DC Government Network to download, install, and use an OCTO-approved third-party mobile device management application on the personal mobile device.

4.3.1.4. Require each District of Columbia workforce member who uses a government­ issued or personal mobile device to conduct government business to review this policy and related procedures and acknowledge in writing that (1) compliance with the policy is a condition of using any mobile device to conduct government business or access the DC Government Network and (2) he or she consents to the installation and use of the OCTO-approved third-party mobile device management application on their device (if applicable).

4.3.2. Each Agency workforce member must:

4.3.2.1. Download, install and use an OCTO-approved third-party mobile device management application on their government-issued mobile device and any personal device used to conduct government business or access the DC Government Network.

4.3.2.2 Use a password to protect the government-issued mobile device and any personal device used to conduct government business or access the DC Government Network.

4.3.2.3. Acknowledge in writing that (1) compliance with the policy is a condition of using any mobile device to conduct government business or access the DC Government Network and (2) he or she consents to the installation and use of the OCTO­approved third-party mobile device management application on their device (if applicable).

4.3.3. OCTO must assist Agency Directors and their designees to implement and enforce this policy and must designate the OCTO-approved third-party mobile device management software or application that DC workforce members must download, install, and use on mobile devices used to conduct government business and/or access the DC Government Network.

4.4. District Government Reserved Rights

DC government reserves the right to: (1) track any government-issued mobile device used by DC workforce members that access the DC Government Network; (2) monitor the location of any government-issued mobile device that accesses the DC Government Network; and (3) restrict access to data and files on the government-issued mobile device. If the DC government elects to install tracking features on any government-issued mobile device, the Agency Director issuing the device must notify the DC workforce member using the device, both verbally and in writing, that the DC government is using a tracking feature on the government-issued mobile device.

5. Exemption

Exceptions to this policy shall be requested in writing to the Agency’s CIO and the request will be escalated to the OCTO Chief Information Security Officer (“CISO”) for approval.

6. Definitions

The definition of the terms used in this document can be found in the Policy Definitions website.