The organization must define locations the organization deems to be of significant risk to DoD information systems, in accordance with organizational policies and procedures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35990 | SRG-MPOL-072 | SV-47306r1_rule | Medium |
| Description |
|---|
| Given the continuous threat level in today's global environment, there are certain locations presenting significant risks to an organization's personnel, equipment, and data. To afford an increased level of awareness and security for its personnel, equipment, and data, an organization must identify those locations representing a higher level of risk. Failure of an organization to identify these locations could result in dangerous situations for its personnel, such as; damaged, stolen or compromised equipment; or unauthorized access to, modification of, or destruction of sensitive or classified data. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-44227r1_chk ) |
|---|
| Review the organization's security policy and procedures to ensure the organization has developed and documented a list of high risk locations, and has published this list to its security staff and other organizational personnel. Also examine the date of last update to ensure the list is periodically reviewed and updated. Interview organization security staff to determine if a high risk location list exists and if it is periodically reviewed and updated. If the organization has not developed and disseminated a list of high risk locations, this is a finding. |
| Fix Text (F-40517r1_fix) |
|---|
| Develop and document a list of high risk locations, and publish this list to security staff and other organizational personnel. |