Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-MPOL-084 | SRG-MPOL-084 | SRG-MPOL-084_rule | Medium |
Description |
---|
Improper use of CMD devices can compromise both the CMD and the network, as well as, expose DoD data to unauthorized individuals. Without adequate OPSEC training, users are more likely to engage in behaviors that make DoD networks and information more vulnerable to security exploits. The security personnel and the site CMD device administrators must ensure non-enterprise activated CMD users receive OPSEC training. |
STIG | Date |
---|---|
Mobile Policy Security Requirements Guide | 2012-10-10 |
Check Text ( C-SRG-MPOL-084_chk ) |
---|
Review the site's training policy to determine if users are required to complete OPSEC training for the use of non-enterprise activated CMDs. If non-enterprise activated CMD users are not required to complete OPSEC training, this is a finding. |
Fix Text (F-SRG-MPOL-084_fix) |
---|
Ensure all non-enterprise activated CMD users complete Operational Security (OPSEC) training that provides use guidelines and vulnerability mitigation techniques. |