The organization must define inspection and preventative measures to be applied on mobile devices returning from locations that the organization deems to be of significant risk in accordance with organizational policies and procedures.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-MPOL-060	SRG-MPOL-060	SRG-MPOL-060_rule		Medium

Description
Despite the implementation of viable countermeasures on mobile devices, upon return from a high risk location, each device should be treated as if it has been compromised. The mobile device should be meticulously inspected for the existence of malware, unauthorized access to, or modification, deletion, or destruction of data stored on the mobile device. The inspection is intended to isolate the compromise of the mobile device, thereby preventing promulgation to other organization information systems. If a mobile device has been compromised, organization personnel should initiate additional preventive measures to sanitize the mobile device. If sanitization is not possible, the mobile device should be destroyed.

Description

Despite the implementation of viable countermeasures on mobile devices, upon return from a high risk location, each device should be treated as if it has been compromised. The mobile device should be meticulously inspected for the existence of malware, unauthorized access to, or modification, deletion, or destruction of data stored on the mobile device. The inspection is intended to isolate the compromise of the mobile device, thereby preventing promulgation to other organization information systems. If a mobile device has been compromised, organization personnel should initiate additional preventive measures to sanitize the mobile device. If sanitization is not possible, the mobile device should be destroyed.

STIG	Date
Mobile Policy Security Requirements Guide	2012-10-10

Details

Check Text ( C-SRG-MPOL-060_chk )
Review the organization's security policy and procedures, and any other relevant documents, to determine if the organization has defined and published inspection and preventative measures for mobile devices returning from high risk locations. Organization personnel who, according to the policy and procedures, are responsible for conducting the inspection and preventive measures will be interviewed. This is to ensure the assigned personnel are aware of the responsibility and understand the inspection and preventive measures defined in the organization's security policy and procedures. If inspection and preventative measures, such as performing an integrity scan of the mobile device before and after traveling to a high risk location, are not defined and documented, this is a finding.

Check Text ( C-SRG-MPOL-060_chk )

Review the organization's security policy and procedures, and any other relevant documents, to determine if the organization has defined and published inspection and preventative measures for mobile devices returning from high risk locations. Organization personnel who, according to the policy and procedures, are responsible for conducting the inspection and preventive measures will be interviewed. This is to ensure the assigned personnel are aware of the responsibility and understand the inspection and preventive measures defined in the organization's security policy and procedures.

If inspection and preventative measures, such as performing an integrity scan of the mobile device before and after traveling to a high risk location, are not defined and documented, this is a finding.

Fix Text (F-SRG-MPOL-060_fix)
Define inspection and preventive measures to be initiated for all mobile devices returning from organization-defined high risk locations. These procedures will outline the need to keep accurate audit trail records for actions taken on each of these mobile devices.