If DAA has approved the use of personally-owned PEDs, the owner must sign a forfeiture agreement in case of a security incident.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-28314	WIR0010-02	SV-36042r1_rule	ECSC-1 ECWN-1	Low

Description
The use of unauthorized personally-owned wireless devices to receive, store, process or transmit DoD data could expose sensitive DoD data to unauthorized people. The use of personally-owned PEDs must be controlled by the site. Users must agree to forfeit the PED when security incidents occur, follow all required security procedures, and install required software in order to protect the DoD network.

Description

The use of unauthorized personally-owned wireless devices to receive, store, process or transmit DoD data could expose sensitive DoD data to unauthorized people. The use of personally-owned PEDs must be controlled by the site. Users must agree to forfeit the PED when security incidents occur, follow all required security procedures, and install required software in order to protect the DoD network.

STIG	Date
General Wireless Policy Security Technical Implementation Guide	2011-06-20

Details

Check Text ( C-35839r1_chk )
When personally-owned PEDs are used to transmit, receive, store, or process DoD information, the owner must sign a forfeiture agreement in case of a security incident.

Fix Text (F-30411r1_fix)
If DAA has approved the use of personally-owned PEDs, the owner has signed a forfeiture agreement in case of a security incident.