Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-30419 | WIR-MOS-NS-050-04 | SV-40127r2_rule | ECWN-1 | Low |
Description |
---|
The risk of connecting to user social media web accounts on a non-DoD-network connected mobile device that does not contain sensitive or classified DoD data/information should be evaluated by the DAA against mission need and how the device is intended to be used. There is a risk that connecting to user social media web accounts could introduce malware on the device, which could impact the performance of the device and corrupt non-sensitive data stored on the device. |
STIG | Date |
---|---|
General Mobile Device (Technical) (Non-Enterprise Activated) Security Technical Implementation Guide | 2013-03-19 |
Check Text (C-39072r1_chk) |
---|
Check a sample (2-3) of mobile devices managed at the site that are not authorized to connect to a DoD network or to store or process sensitive or classified DoD information. Review the Command’s Mobile Device Personal Use Policy. Determine if the mobile device is being used to connect to user social media web accounts. Look for social media icons on the device and talk to the user. The exact procedure will vary, depending on the mobile OS. If the device is being used to connect to user social media accounts, determine if these applications are authorized by the Command’s Mobile Device Personal Use Policy. Mark as a finding if the device is being used to connect to unauthorized user social media accounts. This check is not applicable if the Command’s Mobile Device Personal Use Policy allows connecting to user social media web accounts. |
Fix Text (F-34182r1_fix) |
---|
Train users not to connect to unauthorized social media web sites unless authorized by the Command’s Mobile Device Personal Use Policy. |