UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization must ensure all non-enterprise activated CMD users complete Operational Security (OPSEC) training that provides use guidelines and vulnerability mitigation techniques.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-MPOL-084 SRG-MPOL-084 SRG-MPOL-084_rule Medium
Description
Improper use of CMD devices can compromise both the CMD and the network, as well as, expose DoD data to unauthorized individuals. Without adequate OPSEC training, users are more likely to engage in behaviors that make DoD networks and information more vulnerable to security exploits. The security personnel and the site CMD device administrators must ensure non-enterprise activated CMD users receive OPSEC training.
STIG Date
Mobile Policy Security Requirements Guide 2012-10-10

Details

Check Text ( C-SRG-MPOL-084_chk )
Review the site's training policy to determine if users are required to complete OPSEC training for the use of non-enterprise activated CMDs.

If non-enterprise activated CMD users are not required to complete OPSEC training, this is a finding.
Fix Text (F-SRG-MPOL-084_fix)
Ensure all non-enterprise activated CMD users complete Operational Security (OPSEC) training that provides use guidelines and vulnerability mitigation techniques.