The organization must not process or store official DoD email on Non-enterprise activated CMDs.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-MPOL-046 | SRG-MPOL-046 | SRG-MPOL-046_rule | Medium |
| Description |
|---|
| As non-enterprise activated CMDs do not have the required and necessary security controls applied to the devices, in all cases, DoD data and the applications that house such data (e.g., email) are at risk of compromise or exfiltration. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2012-10-10 |
Details
| Check Text ( C-SRG-MPOL-046_chk ) |
|---|
| Review the organization's published implementation guidance on the use of non-enterprise activated CMDs to determine if DoD email is prohibited from being stored or processed on the devices. If the published guidance does not forbid the processing or storing of official DoD email on non-enterprise activated CMDs, this is a finding. |
| Fix Text (F-SRG-MPOL-046_fix) |
|---|
| Ensure the organization's non-enterprise activated CMD policy prohibits the use of processing or storing official DoD email on the devices. |