The organization must not use DoD networks to transfer information with non-enterprise activated CMDs.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-MPOL-045 | SRG-MPOL-045 | SRG-MPOL-045_rule | Medium |
| Description |
|---|
| As non-enterprise activated CMDs do not have the required and necessary security controls applied to the devices, in all cases, DoD data and the applications that house such data (e.g., email) are at risk of compromise or exfiltration. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2012-10-10 |
Details
| Check Text ( C-SRG-MPOL-045_chk ) |
|---|
| Review the organization's non-enterprise activated CMD policy and configuration guidelines to determine if non-sensitive information is transferred to and from non-enterprise activated CMDs using something other than the Internet or designated workstation. The non-enterprise activated CMDs may tether to CIO-designated workstations connected through a demilitarized zone (DMZ) isolated from all DoD systems by physical or technical means as specified in DoD requirements. If private or internal DoD networks or systems are used for transfer of information to/from a non-enterprise activated CMD, this is a finding. |
| Fix Text (F-SRG-MPOL-045_fix) |
|---|
| Ensure the non-enterprise activated CMDs do not use DoD networks to transfer information. |