Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-MPOL-057 | SRG-MPOL-057 | SRG-MPOL-057_rule | Medium |
Description |
---|
As non-enterprise activated CMDs do not have the required and necessary security controls applied to the devices, in all cases, DoD data is at risk of compromise or exfiltration if those devices connect to DoD workstations or other devices containing sensitive information. |
STIG | Date |
---|---|
Mobile Policy Security Requirements Guide | 2012-10-10 |
Check Text ( C-SRG-MPOL-057_chk ) |
---|
Review the organization's access control and security policy to determine if requirements for connection to DoD workstations or other systems containing sensitive DoD information are defined. Ensure the organization has defined a usage restriction for connection of a non-enterprise activated CMD to a DoD workstation or other DoD system that stores or processes sensitive information. If a policy does not exist prohibiting the connection of non-enterprise activated CMDs from connecting to DoD systems that contain sensitive DoD data, this is a finding. |
Fix Text (F-SRG-MPOL-057_fix) |
---|
Ensure non-enterprise activated CMDs do not physically or wirelessly connect directly to DoD information systems containing sensitive data. |