The organization must not permit CMDs Sensitive Compartmented Information Facilities (SCIFs), unless approved by the DAA and SCIF Cognizant Security Authority (CSA) in accordance with Intelligence Community Directive 503 and Intelligence Community Standard (ICS) 705.1.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-MPOL-063 | SRG-MPOL-063 | SRG-MPOL-063_rule | High |
| Description |
|---|
| Emanations from computing devices in the secured area may be transmitted or picked up inadvertently by wireless devices. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2012-10-10 |
Details
| Check Text ( C-SRG-MPOL-063_chk ) |
|---|
| Determine if the site SCIF CSA has approved wireless CMDs in the site SCIFs. Determine if the DAA and site SSO have approved wireless CMDs in site SCIFs. Ask for approval documentation if approval has been granted. All three entities must grant approval (SCIF CSA, DAA, and SSO). If wireless CMDs in site SCIFs have not been approved, determine if procedures are in place to prevent users from bringing CMDs into SCIFs and if users are trained on this requirement. Posted signs are considered evidence of compliance. If wireless CMDs are allowed in site SCIFs without required approvals, required procedures are not in place, or required user training has not been documented, this is a finding. |
| Fix Text (F-SRG-MPOL-063_fix) |
|---|
| Ensure users are trained on procedures for SCIF compliance and policy. Alternately, this requirement may be included in the site User Agreement. |