Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-24954 | WIR-SPP-002 | SV-30691r4_rule | ECWN-1 | High |
Description |
---|
PDAs, smartphones, and tablets with embedded cameras can be used to photograph classified material and can be easily concealed. Classified information could be compromised. Photos may also be taken of the areas that would facilitate a subsequent physical security breach. |
STIG | Date |
---|---|
Commercial Mobile Device (CMD) Policy Security Technical Implementation Guide (STIG) | 2013-01-17 |
Check Text ( C-31113r3_chk ) |
---|
Note: This requirement also applies to handheld barcode scanners equipped with imagers, unless the manufacturer certifies the raw image is only used for barcode processing and is not available to any other application. Work with the traditional reviewer to interview the Security Manager. Obtain the following information: 1. Review site’s physical security policy. 2. Verify users are informed of this policy by reviewing user agreements, posted signs, or training material. 3. Powering off, removal of batteries, or blocking Infrared (IR) ports is not acceptable for disabling camera functionality, as these methods have not been tested for efficacy. 4. Mark as a finding if a written policy does not prohibit these devices in classified areas. Note: For CMD systems, the site should consider disabling cameras via a security policy. |
Fix Text (F-27581r2_fix) |
---|
Update site physical security policy. |