UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization must establish usage restrictions for organization-controlled portable and mobile devices.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-MPOL-040 SRG-MPOL-040 SRG-MPOL-040_rule Medium
Description
In order to effectively control access to its information systems, the organization must define usage restrictions for its portable and mobile devices. In the absence of such restrictions, users could execute unauthorized programs and/or utilities, access unauthorized web sites, gain access to and/or download restricted or classified information, knowingly or unknowingly load malware to the organization's information systems, etc. Lack of usage restrictions could result in unauthorized access to, or modification or destruction of, sensitive or classified data.
STIG Date
Mobile Policy Security Requirements Guide 2012-10-10

Details

Check Text ( C-SRG-MPOL-040_chk )
Review the organization's access control and security policy, procedures addressing access control for portable and mobile devices, information system configuration settings, and associated documentation. Organizational personnel who use portable and mobile devices to access the information system will be interviewed. Ensure the organization has developed and published usage restrictions for all portable and mobile devices under its control. If the access control or other appropriate security policy does not address the use of portable and mobile devices, this is a finding.
Fix Text (F-SRG-MPOL-040_fix)
Develop and publish usage restrictions for all organization controlled portable and mobile devices.