UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization must include procedures for lost or stolen CMDs in its Incident Response Plan or applicable SOP.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-MPOL-090 SRG-MPOL-090 SRG-MPOL-090_rule Low
Description
Sensitive DoD data could be stored in memory on a DoD operated smartphone and the data could be compromised if required actions are not followed when a CMD is lost or stolen. Without procedures for lost or stolen CMD, it is more likely that an adversary could obtain the device and use it to access DoD networks or otherwise compromise DoD IA. The site (location where CMDs are issued and managed and the site where the MDM server is located) must publish procedures to follow if a CMD has been lost or stolen.
STIG Date
Mobile Policy Security Requirements Guide 2012-10-10

Details

Check Text ( C-SRG-MPOL-090_chk )
Interview the appropriate security personnel and review the site's Incident Response Plan or other policies to determine if the site has a written plan of action and procedures for lost or stolen CMDs.

If the site's Incident Response Plan (IRP) does not include a written plan of action following a lost or stolen CMD, this is a finding.
Fix Text (F-SRG-MPOL-090_fix)
Create and publish procedures (SOP) to follow in the event a CMD is lost or stolen.