Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-24953 | WIR-SPP-001 | SV-30690r6_rule | ECWN-1 | Low |
Description |
---|
Mobile devices with cameras are easily used to photograph sensitive information and areas if not addressed. Sites must establish, document, and train on how to mitigate this threat. |
STIG | Date |
---|---|
General Mobile Device Policy (Non-Enterprise Activated) Security Technical Implementation Guide | 2012-02-08 |
Check Text ( C-31111r3_chk ) |
---|
This requirement applies to mobile operating system (OS) smartphones and tablets. Work with traditional reviewer to review site’s physical security policy. Verify the site addresses PDAs and smartphones with embedded cameras. - Mark this as a finding if there is no written physical security policy outlining whether wireless phones with cameras are permitted or prohibited on or in this DoD facility. |
Fix Text (F-27579r2_fix) |
---|
Update the security documentation to include a statement if PDAs and smartphones with digital cameras (still and video) are allowed in the facility. |