UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

If Commercial Mobile Devices (CMD) (smartphones or tablets) are used as clients in the campus WLAN system, DoD CIO Memorandum, Use of Commercial Mobile Device (CMD) in the Department of Defense (DoD) must be followed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36593 WIR-CWLAN-04 SV-48095r1_rule ECWN-1 Medium
Description
DoD CIO Memorandum, “Use of Commercial Mobile Device (CMD) in the Department of Defense (DoD)”, 6 Apr 2011, requires specific security controls be implemented in the DoD because these technologies “adds a new element of risk to DoD information”. Classified DoD networks and/or data could be exposed if required controls are not implemented for CMDs that operate as components of a campus WLAN system that is based on the CSfC Campus IEEE 802.11 Wireless Local Area Network (WLAN) Capability Package.
STIG Date
CSfC Campus WLAN Policy Security Implementation Guide 2014-03-19

Details

Check Text ( C-44833r2_chk )
Interview the IAM and/or the IAO. Determine if CMDs are used as components of the campus WLAN system that is based on the CSfC Campus IEEE 802.11 Wireless Local Area Network (WLAN) Capability Package. If yes, verify the following key requirements in the DoD CIO memo have been implemented:

-The CMDs are managed and controlled by an enterprise management system (Mobile Device Management (MDM) server).
-Software and applications must be installed from an approved source (e.g., DoD application store).

If CMDs are used as components of the campus WLAN system that is based on the Campus IEEE 802.11 Wireless Local Area Network (WLAN) Capability Package and requirements of the DoD CIO memo are not implemented, this is a finding.
Fix Text (F-41232r1_fix)
Implement key requirements of the DoD CIO Memorandum, “Use of Commercial Mobile Device (CMD) in the Department of Defense (DoD).