UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization must not permit non-enterprise activated CMDs to process or store DoD sensitive information, including DoD email.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35961 SRG-MPOL-043 SV-47277r1_rule Medium
Description
Non-enterprise activated CMDs are not authorized to process any information other than non-sensitive because they do not have required security controls to avoid tampering and malicious intent. There is a high risk of introducing malware and exfiltration of information if these types of devices store or process anything other than non-sensitive information.
STIG Date
Mobile Policy Security Requirements Guide 2013-07-03

Details

Check Text ( C-44198r1_chk )
Review the organization's policy on non-enterprise activated CMD processing and storage requirements. The policy should include language that disallows the use of such devices in processing or storing anything other than non-sensitive DoD information. The devices will not be used to connect to DoD email systems, including Outlook Web Access (OWA), or store or process DoD email.

If the policy does not disallow the use of CMDs for processing anything other than non-sensitive information, including DoD email, this is a finding.
Fix Text (F-40488r1_fix)
Develop and publish the policy or procedure preventing the processing or storing of DoD sensitive information, including DoD email, by non-enterprise activated CMDs.