Site physical security policy must include a statement outlining whether CMDs with digital cameras (still and video) are permitted or prohibited on or in this DoD facility.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-24953 | WIR-SPP-001 | SV-30690r4_rule | ECWN-1 | Low |
| Description |
|---|
| Mobile devices with cameras are easily used to photograph sensitive information and areas if not addressed. Sites must establish, document, and train on how to mitigate this threat. |
| STIG | Date |
|---|---|
| Commercial Mobile Device (CMD) Policy Security Technical Implementation Guide (STIG) | 2016-09-30 |
Details
| Check Text ( C-31111r4_chk ) |
|---|
| This requirement applies to mobile operating system (OS) CMDs. Work with traditional reviewer to review site’s physical security policy. Verify the site addresses CMDs with embedded cameras. If there is no written physical security policy outlining whether CMDs with cameras are permitted or prohibited on or in this DoD facility, this is a finding. |
| Fix Text (F-27579r3_fix) |
|---|
| Update the security documentation to include a statement outlining whether CMDs with digital cameras (still and video) are allowed in the facility. |