The organization must develop policy which ensures a CMD is wiped prior to issuance to DoD personnel.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-MPOL-049	SRG-MPOL-049	SRG-MPOL-049_rule		Low

Description
Malware may be installed on a device at some point between shipping from the factory and delivery to DoD. The malware could result in the compromise of sensitive DoD information or result in the introduction of malware within the DoD network.

STIG	Date
Mobile Policy Security Requirements Guide	2012-10-10

Details

Check Text ( C-SRG-MPOL-049_chk )
Review the policy to ensure a procedure is in place for a smartphone system administrator to perform a Wipe command on all new or reissued smartphones, reload system software, and load a DoD compliant security policy on the smartphone before issuing it to DoD personnel and placing the device on a DoD network. Verify required procedures are followed. If required procedures are not followed, this is a finding.

Check Text ( C-SRG-MPOL-049_chk )

Review the policy to ensure a procedure is in place for a smartphone system administrator to perform a Wipe command on all new or reissued smartphones, reload system software, and load a DoD compliant security policy on the smartphone before issuing it to DoD personnel and placing the device on a DoD network.

Verify required procedures are followed. If required procedures are not followed, this is a finding.

Fix Text (F-SRG-MPOL-049_fix)
Develop a policy which ensures smartphone system administrators perform a wipe command on all new or reissued smartphones and an approved IT policy is pushed to the device before issuing it to DoD personnel.