UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization must apply organization defined inspection and preventative measures to mobile devices returning from locations the organization deems to be of significant risk to DoD information systems.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-MPOL-059 SRG-MPOL-059 SRG-MPOL-059_rule Medium
Description
Despite the implementation of viable countermeasures on mobile devices, upon return from a high risk location, each device should be treated as if it has been compromised. The mobile device should be meticulously inspected for the existence of malware or unauthorized access to, or modification, deletion or destruction of data stored on the mobile device. The inspection is intended to isolate the compromise of the mobile device, thereby preventing promulgation to other organization information systems. If a mobile device has been compromised, organization personnel should initiate additional preventive measures to sanitize the mobile device. If sanitization is not possible, the mobile device should be destroyed.
STIG Date
Mobile Policy Security Requirements Guide 2012-10-10

Details

Check Text ( C-SRG-MPOL-059_chk )
Interview organization personnel to ensure high risk mobile device inspection and preventive measures are understood, executed, and an audit trail is maintained to document actions taken for each high risk mobile device.

If inspection and preventative measures are not employed for devices returning from high risk locations, this is a finding.
Fix Text (F-SRG-MPOL-059_fix)
Document the inspection and preventive measures applied to each mobile device returning from a high risk location, ensuring organization defined inspection and preventative measures are being applied.