Mobile Devices of any type, whether Sandia-, Government- or personally owned are prohibited from entering any location designated as Secure Space.
A mobile device is a portable computing device that:
- has a small form factor such that it can be can easily be carried by a single individual
- possesses onboard sensors that allow the device to capture audio or video information
- does not utilize a desktop operating system safeguarded by an NNSA Cyber Security Program according to NNSA SD 205.1, Baseline Cyber Security Program
- is designed to operate without a physical connection (e.g., wirelessly transmit or receive information)
- possesses local, non-removable data storage
- is powered-on for extended periods of time with a self-contained power source
Visitors to Sandia may bring and use mobile devices on Sandia-controlled premises but are not allowed to bring their mobile devices into a Limited or more restrictive area.
Sandia Members of the Workforce may bring and use mobile devices on Sandia-controlled premises up to and including limited areas, but such devices must never be brought into Secure Space, or any location designated as a Vault-Type Room (VTR), Special Access Program Facility (SAPF), or a Secure Compartmented Information Facility (SCIF).
Mobile devices may only be used in accordance with their intended consumer use, including but not limited to, making and receiving phone calls, text messaging and listening to music as long as that use does not violate the requirements defined within any Laboratory Policy.
Only Sandia Members of the Workforce are allowed to bring mobile devices into a limited area. Prior to bringing a mobile device into a limited area:
- Turn off Bluetooth and leave it off while in the Limited Area.
- Turn off Wi-Fi and leave it off while in the Limited Area.
- Review “Unallowable Use of Personal Devices” to view additional restrictions.
Sandia-managed mobile devices may be taken anywhere in a limited area not categorized as a Secure Space, VTR, SAPF or SCIF. This includes spaces such as offices and touchdown spaces where classified discussions may or may not occur. Devices in offices or similar areas must be removed and stored in an approved storage location prior to discussing classified information.
Personally owned mobile devices are only allowed in ‘common areas’ not categorized as a Secure Space, VTR, SAPF or SCIF. Common areas may include building hallways, restrooms, break rooms, designated approved storage locations, and outdoors.
Sandia Members of the Workforce and visitors must obey safety- and security-related signs, including any unique to the area being accessed regardless of the type of area. Do not introduce an item or an electronic function (e.g., wireless) to an area where a sign says it is not allowed.
Individuals that choose to bring their mobile devices onto Sandia-controlled premises assume the risk for the device and its usage while on the premises. Sandia is not responsible for loss, damage or theft of mobile devices or data occurring as a result of the device being present or in use at Sandia National Laboratories or in association with confiscation.
Any mobile device brought into a limited area must not be left unattended in any location except for one marked as an approved storage location.
Approved storage is always clearly marked with blue signs. It may be found outside of a limited area building, or inside the building in a common area, such as a foyer or lobby.
Approved storage locations are normally found throughout Sandia-controlled premises, but may not always be located near to where your business is to be conducted. Plan ahead to determine whether your device will be allowed into these areas, and if not, where approved storage is located.
If in doubt, leave it out.
Devices may not enter, or be carried through, an unapproved area to reach a device storage location.
When in an area where your device is allowed, you may not use the device in a manner that would:
- Disrupt work, hinder an individual’s ability to hear announcements, or impact employee safety (e.g. not being aware of surroundings, or being distracted while driving, biking, walking, etc.).
- Be considered a noncompliant activity or is used in a manner that is noncompliant with Laboratory Policy (e.g., violate Sandia Policy on Waste, Fraud, and Abuse).
- Result in the processing or discussion of Classified on any device not approved for Classified.
- Result in the disclosure or capture of Classified or Controlled Unclassified Information (CUI). This includes audio or visual information that is Classified or CUI.
- Acquire any audio or visual information on personnel or their activities without their documented full knowledge and consent.
- Have been altered for uses other than the intended consumer use.
- Result in connecting directly to internal Sandia networks or Sandia owned computing devices (e.g. docking to a government desktop or laptop). This includes using a USB port to charge the device.
- Connect it to any Sandia Wi-Fi network inside a Sandia Limited Area.
- Create a Wi-Fi hotspot in a Sandia Limited Area.
- Turn on Bluetooth inside a Sandia Limited Area.
- Activated the camera feature on a device while inside a Sandia Limited Area. (Note: This does not apply to the use of FaceID on a device approved for use in the Limited Area)
Suspected or reported unallowable use of a personally owned mobile device may result in the confiscation of the device and any associated media for investigation by representatives from Sandia or other properly credentialed authorities.
Unallowable use includes but is not limited to:
- security incidents;
- violations;
- information of personnel security interest;
- waste, fraud, and abuse; and
- any other actual or suspected noncompliance that affects or potentially affects Sandia security and allegations of misconduct that include, but are not limited to violations of Sandia National Laboratories Code of Ethics & Standards of Conduct.
The user of the personally owned mobile device may be asked to provide any passwords or passcodes necessary to facilitate the investigation. Failure to supply the necessary information may result in forfeiture of the device and/or disciplinary action.
The device and any associated media may be sanitized and/or destroyed as a result of the investigation.
There will be no compensation provided for devices or media that are wiped, damaged, or destroyed as a result of investigations for unallowable use.