UCF STIG Viewer Logo

CMD Management Server Policy Security Technical Implementation Guide (STIG)


Date Finding Count (7)
2014-08-05 CAT I (High): 1 CAT II (Med): 1 CAT III (Low): 5
STIG Description
This STIG contains the policy, training, and operating procedure security controls for the use of CMD management servers in the DoD environment. This STIG replaces the Wireless Management Server STIG (V1R6). Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

Available Profiles

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-24957 High If a data spill (Classified Message Incident (CMI)) occurs on a wireless email device or system at a site, the site must follow required data spill procedures.
V-24955 Medium A data spill (Classified Message Incident (CMI)) procedure or policy must be published for site CMDs.
V-24970 Low The CMD management server administrator must receive required training.
V-24962 Low The site Incident Response Plan or other procedure must include procedures to follow when a mobile operating system (OS) based mobile device is reported lost or stolen.
V-24969 Low Required actions must be followed at the site when a CMD has been lost or stolen.
V-28313 Low CMD management server administrator training must be renewed annually.
V-24971 Low The IAO at the mobile device management server site must verify local sites, where mobile devices are provisioned, issued, and managed, are conducting annual self assessments.