UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization must not permit personnel to operate CMD without first signing a user agreement IAW DoD CIO Memorandum, Policy on Use of Department of Defense (DoD) Information Systems Standard Consent Banner and User Agreement, 9 May 2008.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36005 SRG-MPOL-086 SV-47321r1_rule Low
Description
Lack of user training and understanding of responsibilities to safeguard wireless technology is a significant vulnerability to the enclave. Once policies are established, users must be trained to these requirements or the risk to the network remains. User agreements are particularly important for mobile and remote users since there is a high risk of loss, theft, or compromise. Thus, this signed agreement is a good best practice to help ensure the site is confirming the user is aware of the risks and proper procedures.
STIG Date
Mobile Policy Security Requirements Guide 2013-01-24

Details

Check Text ( C-44242r2_chk )
The user agreements must include DAA authorized tasks for the mobile device and relevant security requirements, including, the DoD CIO Memorandum, "Policy on Use of Department of Defense (DoD) Information Systems Standard Consent Banner and User Agreement," 9 May 2008.

Inspect a copy of the site's user agreement.
Verify the user agreement has the minimum elements required IAW the DoD CIO Memorandum.

If the site user agreements do not exist or are not compliant with the minimum requirements, this is a finding.
Fix Text (F-40532r1_fix)
Develop and publish policy mandating all users sign a user agreement before they are issued a mobile or wireless device.