Mobile Policy Security Technical Implementation Guide (STIG)

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Mobile Policy Security Technical Implementation Guide (STIG)

Overview

Version	Date	Finding Count (6)			Downloads
2	2018-09-07 2016-09-01 2016-09-01 2016-09-01 2016-09-01 2016-09-01	CAT I (High): 2	CAT II (Med): 3	CAT III (Low): 1	Excel	JSON	XML

STIG Description
This STIG provides policy, training, and operating procedure security controls for the use of mobile devices and systems in the DoD environment. This STIG applies to any mobile operating system device used to store, process, transmit, or receive DoD information. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Findings (MAC II - Mission Support Classified)

Finding ID	Severity	Title	Description
V-8283	High	All wireless/mobile systems (including associated peripheral devices, operating system, applications, network/PC connection methods, and services) must be approved by the approval authority prior to installation and use for processing DoD information.	Unauthorized wireless systems expose DoD networks to attack. The Authorizing Official (AO) and appropriate commanders must be aware of all wireless systems used at the site. AOs should ensure a...
V-19813	High	Computers with an embedded wireless system must have the radio removed or otherwise physically disable the radio hardware before the computer is used to transfer, receive, store, or process classified information, unless the wireless system has been certified via the DoD Commercial Solutions for Classified (CSfC) program.	With the increasing popularity of wireless networking, most laptops have wireless NICs (network interface cards) installed on the laptop motherboard. Although the system administrator may disable...
V-14894	Medium	All wireless network devices, such as wireless Intrusion Detection System (IDS) and wireless routers, access points, gateways, and controllers must be located in a secure room with limited access or otherwise secured to prevent tampering or theft.	DoD data and the network could be exposed to attack if wireless network devices are not physically protected. The Network Security Officer (NSO) will ensure all wireless network devices (i.e.,...
V-15782	Medium	Personnally owned or contractor owned CMDs must not be used to transmit, receive, store, or process DoD information or connect to DoD networks.	The use of unauthorized personally-owned CMDs to receive, store, process, or transmit DoD data could expose sensitive DoD data to unauthorized people. The DoD CIO currently prohitibits the use of...
V-12106	Medium	Unclassified wireless devices must not be operated in Secure Spaces (as defined in DoDI 8420.01) unless required conditions are followed.	The operation of electronic equipment and emanations must be controlled in and around areas where sensitive information is kept or processed. Sites should post signs and train users to this...
V-13982	Low	All users of mobile devices or wireless devices must sign a user agreement before the mobile or wireless device is issued to the user and the user agreement used at the site must include required content.	Lack of user training and understanding of responsibilities to safeguard wireless technology is a significant vulnerability to the enclave. Once policies are established, users must be trained to...