The organization must have written policy or training material stating CMDs must not be used to receive, transmit, or process classified messages unless specifically approved by NSA for such purposes and NSA-approved transmission and storage methods are used.

The organization must have written policy or training material stating CMDs must not be used to receive, transmit, or process classified messages unless specifically approved by NSA for such purposes and NSA-approved transmission and storage methods are used.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35955	SRG-MPOL-037	SV-47271r1_rule		High

Description
Wireless devices will not be used for processing classified data unless approved for such use as classified data could be compromised or exposed to unauthorized personnel.

STIG	Date
Mobile Policy Security Requirements Guide	2013-07-03

Details

Check Text ( C-44192r1_chk )
Verify written policy and training material exists (or requirement is listed on a signed user agreement) stating CMDs must not be used to transmit classified information. If written policy or training material, stating CMDs must not be used to receive, transmit, or process classified information, does not exist, this is a finding.

Fix Text (F-40482r1_fix)
Develop and publish policy preventing CMDs from processing, sending, receiving, or storing classified data.