UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization must have an access control security policy requiring approval from the appropriate authorizing official(s) for the connection of unclassified mobile devices to unclassified information systems.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35959 SRG-MPOL-041 SV-47275r1_rule Medium
Description
Mobile/portable computing and communications devices (e.g., notebook/laptop computers, personal digital assistants, cellular telephones, digital cameras, etc.) require specific approval for use, as the capabilities and mobility of these devices present additional risk to DoD networks and data.
STIG Date
Mobile Policy Security Requirements Guide 2013-01-24

Details

Check Text ( C-44196r1_chk )
Review the organization's access control and security policy, list of officials with authority to approve the connection of unclassified mobile devices to unclassified information systems, procedures addressing access control for portable and mobile devices, documentation for random inspections of mobile devices, and other relevant documents or records. Interview organizational personnel responsible for granting approval to connect unclassified mobile devices to unclassified information systems; organization personnel responsible for randomly reviewing/inspecting mobile devices; and organizational personnel using mobile devices in facilities containing information systems processing, storing, or transmitting classified information. Verify (i) the organization has developed and published an access control security policy requiring approval to connect unclassified mobile devices to unclassified information systems by nominated organization officials; and (ii) the organization has identified organization personnel with the authority to grant connection approval.

If a policy requiring connection approval does not exist, this is a finding.
Fix Text (F-40486r1_fix)
Develop and publish an access control security policy requiring approval prior to connecting unclassified mobile devices to unclassified information systems, identifying organization personnel with the authority to grant connection approval.