The organization must apply organization defined inspection and preventative measures to mobile devices returning from locations the organization deems to be of significant risk to DoD information systems.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35992	SRG-MPOL-074	SV-47308r1_rule		Medium

Description
Despite the implementation of viable countermeasures on mobile devices, upon return from a high risk location, each device should be treated as if it has been compromised. The mobile device should be meticulously inspected for the existence of malware or unauthorized access to, or modification, deletion or destruction of data stored on the mobile device. The inspection is intended to isolate the compromise of the mobile device, thereby preventing promulgation to other organization information systems. If a mobile device has been compromised, organization personnel should initiate additional preventive measures to sanitize the mobile device. If sanitization is not possible, the mobile device should be destroyed.

Description

Despite the implementation of viable countermeasures on mobile devices, upon return from a high risk location, each device should be treated as if it has been compromised. The mobile device should be meticulously inspected for the existence of malware or unauthorized access to, or modification, deletion or destruction of data stored on the mobile device. The inspection is intended to isolate the compromise of the mobile device, thereby preventing promulgation to other organization information systems. If a mobile device has been compromised, organization personnel should initiate additional preventive measures to sanitize the mobile device. If sanitization is not possible, the mobile device should be destroyed.

STIG	Date
Mobile Policy Security Requirements Guide	2013-01-24

Details

Check Text ( C-44229r1_chk )
Interview organization personnel to ensure high risk mobile device inspection and preventive measures are understood, executed, and an audit trail is maintained to document actions taken for each high risk mobile device. NOTE: Inspections should be completed before returning devices are connected to a DoD network. If inspection and preventative measures are not employed for devices returning from high risk locations, this is a finding.

Check Text ( C-44229r1_chk )

Interview organization personnel to ensure high risk mobile device inspection and preventive measures are understood, executed, and an audit trail is maintained to document actions taken for each high risk mobile device. NOTE: Inspections should be completed before returning devices are connected to a DoD network.

If inspection and preventative measures are not employed for devices returning from high risk locations, this is a finding.

Fix Text (F-40519r1_fix)
Document the inspection and preventive measures applied to each mobile device returning from a high risk location, ensuring organization defined inspection and preventative measures are being applied.