Detailed Policy Requirements: The CMD system administrator must perform a wipe command on all new or reissued CMDs, reload system software, and load a STIG-compliant security policy on the CMD before issuing it to DoD personnel and placing the device on a DoD network. The intent is to return the device to the factory state before the DoD software baseline is installed.
When wireless activation is performed, the activation password is passed to the user in a secure manner (e.g., activation password is encrypted and emailed to an individual).
Check Procedures: Interview the ISSO. Verify required procedures are followed. If required procedures were not followed, this is a finding. |