V-25007 | Low | Smartphones must be configured to require a password/passcode for device unlock. | Sensitive DoD data could be compromised if a device unlock password/passcode is not set up on DoD smartphones. |
V-25016 | Low | The device minimum password/passcode length must be set. | Sensitive DoD data could be compromised if a device unlock password/passcode is not set to required length on DoD smartphones. |
V-24986 | Low | All non-core applications on mobile devices must be approved by the DAA or Command IT Configuration Control Board. | Non-approved applications can contain malware. Approved applications should be reviewed and tested by the approving authority to ensure they do not contain malware, spyware, or have unexpected... |
V-25010 | Low | The smartphone inactivity timeout must be set. | Sensitive DoD data could be compromised if the smartphone does not automatically lock after the required period of inactivity. |
V-30418 | Low | Download of user owned data (music files, picture files, etc.) on mobile devices must be based on the Command’s Mobile Device Personal Use Policy. | The risk of installing user owned data (music files, picture files, etc.) on a non-DoD-network connected mobile device that does not contain sensitive or classified DoD data/information should be... |
V-30419 | Low | Connecting mobile devices to user social media web accounts (Facebook, Twitter, etc.) must be based on the Command’s Mobile Device Personal Use Policy. | The risk of connecting to user social media web accounts on a non-DoD-network connected mobile device that does not contain sensitive or classified DoD data/information should be evaluated by the... |
V-30412 | Low | The installation of user owned applications on the mobile device must be based on the Command’s Mobile Device Personal Use Policy. | The risk of installing personally owned or freeware apps on a DoD mobile device should be evaluated by the DAA against mission need and how the device is intended to be used. There is a risk that... |
V-30417 | Low | The use of the mobile device to view and/or download personal email must be based on the Command’s Mobile Device Personal Use Policy. | The risk of viewing and downloading personal email on a non-DoD-network connected mobile device that does not contain sensitive or classified DoD data/information should be evaluated by the DAA... |