UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization must assign personnel to perform reviews/inspections of mobile devices in facilities containing information systems processing, storing, or transmitting classified information.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-MPOL-078 SRG-MPOL-078 SRG-MPOL-078_rule Medium
Description
The organization's access control procedures and security policies establish the requirement to (i) control the use of various mobile devices and connected or imbedded capabilities, and (ii) conduct random reviews/inspections of mobile devices to ensure compliance with the established access control and security policies. In order to effectively execute the random review/inspection of mobile devices, the organization must identify, minimally by position title, organization security officials responsible for conducting mobile device reviews/inspections.
STIG Date
Mobile Policy Security Requirements Guide 2012-10-10

Details

Check Text ( C-SRG-MPOL-078_chk )
Review the organization's access control and security policy; documentation officially assigning the responsibility for conducting random inspections of mobile devices to nominated security officials (e.g., position descriptions outlining the responsibility, official letters of assignment, etc.); and other relevant documents or records. Organizational personnel responsible for reviewing/inspecting mobile devices will be interviewed. Ensure the organization has documented the nomination and official notification of nominated security officials of their responsibility to perform reviews/inspections of mobile devices within its facilities, and these security officials have been notified and are aware of this responsibility.

If the organization has not assigned responsibility for conducting inspection of mobile devices in facilities containing information systems processing, storing, or transmitting classified information, this is a finding.
Fix Text (F-SRG-MPOL-078_fix)
Nominate and officially notify security personnel of their responsibility to perform reviews/inspections of mobile devices within facilities containing information systems processing, storing, or transmitting classified information. The notification will be recorded in appropriate official documents of record (e.g., position descriptions, letters of assignment, etc.).