Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25016 | WIR-MOS-NS-011 | SV-40113r2_rule | ECWN-1 IAIA-1 | Low |
Description |
---|
Sensitive DoD data could be compromised if a device unlock password/passcode is not set to required length on DoD smartphones. |
STIG | Date |
---|---|
BlackBerry Playbook OS (NEA mode) Security Technical Implementation Guide (STIG) | 2014-08-25 |
Check Text ( C-39061r1_chk ) |
---|
This check applies to any mobile OS device (smartphones, tablets, etc.). Check a sample of 2-3 devices managed by the site to verify the device unlock password/passcode has been set to 8 or more alphanumeric characters. The exact procedure will vary, depending on the mobile OS. Have the user show that a device unlock password/passcode has been set to 8 or more alphanumeric characters. Mark as a finding if configuration is not set as required. |
Fix Text (F-27687r5_fix) |
---|
Configure the mobile operating system to enforce a minimum length for the device unlock password. Where a security container application is used in lieu of mobile operating system protections, configure the security container application to enforce a minimum length password for entry into the application. |