UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization's physical security policy must state that CMD cameras must not be allowed in any SCIF or other areas where classified documents or information is stored, transmitted, or processed.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-MPOL-088 SRG-MPOL-088 SRG-MPOL-088_rule High
Description
CMDs with embedded cameras can be used to photograph classified material and can be easily concealed. Classified information could be compromised. Photos may also be taken of the areas that would facilitate a subsequent physical security breach.
STIG Date
Mobile Policy Security Requirements Guide 2012-10-10

Details

Check Text ( C-SRG-MPOL-088_chk )
This requirement also applies to handheld barcode scanners equipped with imagers, unless the manufacturer certifies the raw image is only used for bar code processing and is not available to any other application.

Interview the Security Manager and review the following information:
- Site's physical security policy.
-Verify users are informed of this policy by reviewing user agreements, posted signs, or training material.
- Powering off, removing batteries, or blocking infrared (IR) ports is not acceptable for disabling camera functionality, as these methods have not been tested for efficacy.

If a written policy does not prohibit these devices in classified areas, this is a finding.

For smartphone systems, the site should consider disabling smartphone cameras via a smartphone security policy.
Fix Text (F-SRG-MPOL-088_fix)
Update the site physical security policy to state that digital cameras (still and video) are not permitted in any SCIF or other areas where classified documents or information is stored, transmitted, or processed.