Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-24953 | WIR-SPP-001 | SV-30690r3_rule | ECWN-1 | Low |
Description |
---|
Mobile devices with cameras are easily used to photograph sensitive information and areas if not addressed. Sites must establish, document, and train on how to mitigate this threat. |
STIG | Date |
---|---|
General Mobile Device Policy (Non-Enterprise Activated) Security Technical Implementation Guide | 2013-03-19 |
Check Text ( C-31111r3_chk ) |
---|
This requirement applies to mobile operating system (OS) CMDs. Work with traditional reviewer to review site’s physical security policy. Verify the site addresses CMDs with embedded cameras. - Mark this as a finding if there is no written physical security policy outlining whether CMDs with cameras are permitted or prohibited on or in this DoD facility. |
Fix Text (F-27579r3_fix) |
---|
Update the security documentation to include a statement outlining whether CMDs with digital cameras (still and video) are allowed in the facility. |