UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization must have a CMD Personal Use Policy that specifies restrictions on the use of personal email.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35974 SRG-MPOL-056 SV-47290r1_rule Medium
Description
Malware can be introduced to a DoD enclave via personally owned applications and personal web site accounts. In addition, sensitive DoD data could be exposed, altered, or exfiltrated by the same malware. The DoD component must publish a Personal Use Policy for DoD component managed or owned CMDs. The policy will provide information on allowed personal use of DoD component mobile devices, including devices approved for connection to DoD networks and processing of sensitive data; and for devices not approved for connection to DoD networks and processing of DoD data (for example, non-enterprise activated devices). The policy will be approved by the DAA based on a risk-based assessment. The assessment will consider costs to the Command that could result from additional wireless service charges from personal usage of the device.
STIG Date
Mobile Policy Security Requirements Guide 2013-01-24

Details

Check Text ( C-44211r1_chk )
Review the organization's policy to determine if it provides information on allowed personal use of DoD component mobile devices in respect to viewing or downloading personal email. The policy will be approved by the DAA based on a risk based assessment. If the organization does not have a policy on allowed personal use covering viewing or downloading personal email, this is a finding.
Fix Text (F-40501r1_fix)
Develop a Mobile Device Personal Use Policy which details the requirements for the operating system device to view or download personal email.