
Connecting mobile devices to user social media web accounts (Facebook, Twitter, etc.) must be based on the Command’s Mobile Device Personal Use Policy.


Overview

Finding ID: V-30419
Version: WIR-MOS-NS-050-04
Rule ID: SV-40127r1_rule
IA Controls: ECWN-1
Severity: Low
Description
The risk of connecting to user social media web accounts on a non-DoD-network connected mobile device that does not contain sensitive or classified DoD data/information should be evaluated by the DAA against mission need and how the device is intended to be used. There is a risk that connecting to user social media web accounts could introduce malware on the device, which could impact the performance of the device and corrupt non-sensitive data stored on the device.
STIG: General Mobile Device (Technical) (Non-Enterprise Activated) Security Technical Implementation Guide
Date: 2012-02-08

Details

Check Text (C-39072r1_chk)
Check a sample (2-3) of mobile devices that are managed at the site and are not authorized to connect to a DoD network or to store or process sensitive or classified DoD information.

Review the Command’s Mobile Device Personal Use Policy.

Determine if the mobile device is being used to connect to user social media web accounts. Look for social media icons on the device and talk to the user. The exact procedure will vary, depending on the mobile OS.

If the device is being used to connect to user social media accounts, determine if these applications are authorized by the Command’s Mobile Device Personal Use Policy.

Mark as a finding if the device is being used to connect to unauthorized user social media accounts. This check is not applicable if the Command’s Mobile Device Personal Use Policy allows connecting to user social media web accounts.
Fix Text (F-34182r1_fix)
Train the user not to connect to social media web sites unless authorized by the Command’s Mobile Device Personal Use Policy.