UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The site Incident Response Plan or other procedure must include procedures to follow when a mobile operating system (OS) based mobile device is reported lost or stolen.


Overview

Finding ID Version Rule ID IA Controls Severity
V-24962 WIR-SPP-007-01 SV-30699r7_rule Low
Description
Sensitive DoD data could be stored in memory on a DoD operated mobile operating system (OS) based mobile device and the data could be compromised if required actions are not followed when a mobile device is lost or stolen. Without procedures for lost or stolen mobile operating system (OS) based mobile devices, it is more likely that an adversary could obtain the device and use it to access DoD networks or otherwise compromise DoD IA.
STIG Date
Mobile Device Policy Security Technical Implementation Guide (STIG) 2019-05-21

Details

Check Text ( C-31122r10_chk )
Detailed Policy Requirements:

The site (location where mobile devices are issued and managed and the site where the mobile operating system (OS) based mobile device management server is located) must publish procedures to follow if a mobile device has been lost or stolen. The procedures should include (as appropriate):

- Mobile device user notifies ISSO, SM, and other site personnel, as required by the site’s Incident Response Plan, within the timeframe required by the site’s Incident Response Plan.

- The ISSO notifies the mobile device management server system administrator and other site personnel, as required by the site’s Incident Response Plan, within the timeframe required by the site’s Incident Response Plan.

The site mobile device management server administrator sends a wipe command to the mobile device and then disables the user account on the management server or removes the mobile device from the user account.

- The site will contact the carrier to have the device deactivated on the carrier’s network.

Check procedures:
Interview the ISSO.

Review the site’s Incident Response Plan or other policies to determine if the site has a written plan of action.

If the site does not have a written plan of action following a lost or stolen mobile device, this is a finding.
Fix Text (F-27603r3_fix)
Publish procedures to follow if a mobile operating system (OS) based mobile device is lost or stolen.