The ‘end user devices security and configuration guidance policy’, which was published this week, details the security rules that must be followed for any mobile devices, but for the first time allows the use of employee-owned computers.
“Whilst enterprise ownership of a device makes many information security aspects much simpler, it is not a prerequisite of this guidance,” the CESG documentation says.
While the policy advises government that Bring Your Own Device (BYOD) strategies are possible, it does not recommend these.
The policy, which is currently in beta and awaiting feedback, places a number of restrictions on how staff-owned devices must be used.
These include a requirement for mobile devices to be returned to factory settings before it can be used to access government data, as well as for devices to be able to be fully managed by the employing organisation.
The new guidance permits phones using operating systems, including Android 4.2, BlackBerry 10.1, Apple iOS6, Windows 7 and 8, Windows Phone 8 and RT, Ubuntu 12.04, OS X 10.8 and Google ChromeOS 26.