UCF STIG Viewer Logo

The IAO at the mobile device management server site must verify local sites, where mobile devices are provisioned, issued, and managed, are conducting annual self assessments.


Overview

Finding ID Version Rule ID IA Controls Severity
V-24971 WIR-WMSP-002 SV-30708r2_rule ECWN-1 Low
Description
The security integrity of the mobile device system depends on local sites where mobile devices are provisioned and issued complying with STIG requirements. The risk of malware introduced on a handheld device and avenues of attack into the enclave via a mobile device could result if STIG procedures are not followed.
STIG Date
CMD Management Server Policy Security Technical Implementation Guide (STIG) 2014-08-05

Details

Check Text ( C-31135r2_chk )
Annual self assessments will be conducted according to the appropriate mobile device STIG, with the assessment results being entered into VMS/Component Provided Tracking Database.

Verify the IAO of the site, where the smartphone management server is located, is tracking local/remote sites (where smartphone devices are provisioned, issued, and managed) are conducting annual self assessments according to the appropriate smartphone STIG. Verify the results of the assessments are being entered into VMS/Component Provided Tracking Database.

Note: Command-level action should be considered for local sites not complying with STIG requirements for the provisioning, issuance, and managements of smartphones.

Mark as a finding if required annual self assessments have not been completed by the site.
Fix Text (F-27605r2_fix)
The IAO at the mobile device management server site verifies local sites are conducting annual self assessments.