Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-30417 | WIR-MOS-NS-050-02 | SV-40123r2_rule | ECWN-1 | Low |
Description |
---|
The risk of viewing and downloading personal email on a non-DoD-network connected mobile device that does not contain sensitive or classified DoD data/information should be evaluated by the DAA against mission need and how the device is intended to be used. There is a risk that personal email could introduce malware on the device, which could impact the performance of the device and corrupt non-sensitive data stored on the device. |
STIG | Date |
---|---|
General Mobile Device (Technical) (Non-Enterprise Activated) Security Technical Implementation Guide | 2013-07-03 |
Check Text (C-39069r1_chk) |
---|
Check a sample (2-3) of mobile devices managed at the site authorized to connect to a DoD network or store or process sensitive or classified DoD information. Review the Command’s Mobile Device Personal Use Policy. Determine if devices are being used to view personal email or store personal email messages. The exact procedure will vary, depending on the mobile OS. If personal email is being viewed or downloaded, determine if this use of the device is authorized by the Command’s Mobile Device Personal Use Policy. Mark as a finding if unauthorized personal email is being viewed or downloaded on site-managed devices. This check is not applicable if the Command’s Mobile Device Personal Use Policy allows viewing and/or downloading of personal email. |
Fix Text (F-34180r1_fix) |
---|
Train users to not view or download personal email unless authorized by the Command’s Mobile Device Personal Use Policy. |