UCF STIG Viewer Logo

Smartphones must be configured to require a password/passcode for device unlock.


Overview

Finding ID Version Rule ID IA Controls Severity
V-25007 WIR-MOS-NS-010 SV-40111r2_rule ECWN-1 IAIA-1 Low
Description
Sensitive DoD data could be compromised if a device unlock password/passcode is not set up on DoD smartphones.
STIG Date
General Mobile Device (Technical) (Non-Enterprise Activated) Security Technical Implementation Guide 2013-07-03

Details

Check Text ( C-39059r1_chk )
This check applies to any mobile device (smartphones, tablets, etc.).

Check a sample of 2-3 devices managed by the site to verify a device unlock password/passcode has been enabled on the device. The exact procedure will vary, depending on the OS.
Have the user show that a device unlock password/passcode has been enabled on the device.

Mark as a finding if configuration is not set as required.
Fix Text (F-27657r3_fix)
Configure the MDM server to require a passcode for device unlock.