The organization must ensure all non-enterprise activated CMD users complete Operational Security (OPSEC) training that provides use guidelines and vulnerability mitigation techniques.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35997	SRG-MPOL-079	SV-47313r1_rule		Medium

Description
Improper use of CMD devices can compromise both the CMD and the network, as well as, expose DoD data to unauthorized individuals. Without adequate OPSEC training, users are more likely to engage in behaviors that make DoD networks and information more vulnerable to security exploits. The security personnel and the site CMD device administrators must ensure non-enterprise activated CMD users receive OPSEC training.

Description

Improper use of CMD devices can compromise both the CMD and the network, as well as, expose DoD data to unauthorized individuals. Without adequate OPSEC training, users are more likely to engage in behaviors that make DoD networks and information more vulnerable to security exploits. The security personnel and the site CMD device administrators must ensure non-enterprise activated CMD users receive OPSEC training.

STIG	Date
Mobile Policy Security Requirements Guide	2013-07-03

Details

Check Text ( C-44234r1_chk )
Review the site's training policy to determine if users are required to complete OPSEC training for the use of non-enterprise activated CMDs. If non-enterprise activated CMD users are not required to complete OPSEC training, this is a finding.

Fix Text (F-40524r1_fix)
Develop and publish policy mandating all non-enterprise activated CMD users complete Operational Security (OPSEC) training that provides use guidelines and vulnerability mitigation techniques.