UCF STIG Viewer Logo

Download of user owned data (music files, picture files, etc.) on mobile devices must be based on the Command’s Mobile Device Personal Use Policy.


Overview

Finding ID Version Rule ID IA Controls Severity
V-30418 WIR-MOS-NS-050-03 SV-40125r2_rule ECWN-1 Low
Description
The risk of installing user owned data (music files, picture files, etc.) on a non-DoD-network connected mobile device that does not contain sensitive or classified DoD data/information should be evaluated by the DAA against mission need and how the device is intended to be used. There is a risk that user owned data (music files, picture files, etc.) could introduce malware on the device, which could impact the performance of the device and corrupt non-sensitive data stored on the device.
STIG Date
BlackBerry Playbook OS (NEA mode) Security Technical Implementation Guide (STIG) 2014-08-25

Details

Check Text ( C-39070r1_chk )
Check a sample (2-3) of mobile devices managed at the site authorized to connect to a DoD network or store or process sensitive or classified DoD information.

Review the Command’s Mobile Device Personal Use Policy.

Determine if any user owned data (music files, picture files, etc.) are installed on the mobile device, including the SD media card. The exact procedure will vary, depending on the mobile OS.

If user owned data (music files, picture files, etc.) are found, determine if these apps are authorized by the Command’s Mobile Device Personal Use Policy.

Mark as a finding if unauthorized user owned data (music files, picture files, etc.) are found on site managed devices. This check is not applicable if the Command’s Mobile Device Personal Use Policy allows the download of personal data files.
Fix Text (F-34181r1_fix)
Do not install personal data files on the mobile device unless authorized by the Command’s Mobile Device Personal Use Policy.