The organization must verify each of its CMD users has completed annual CMD user training.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35998	SRG-MPOL-080	SV-47314r1_rule		Low

Description
Users are the first line of security controls for CMD systems. They must be trained in using CMD security controls or the system could be vulnerable to attack. All CMD users must receive security training on the device before they are issued a CMD. If training is not renewed on an annual basis, users may not be informed of new security procedures or may forget previously trained procedures, which could lead to an exposure of sensitive DoD information.

Description

Users are the first line of security controls for CMD systems. They must be trained in using CMD security controls or the system could be vulnerable to attack. All CMD users must receive security training on the device before they are issued a CMD. If training is not renewed on an annual basis, users may not be informed of new security procedures or may forget previously trained procedures, which could lead to an exposure of sensitive DoD information.

STIG	Date
Mobile Policy Security Requirements Guide	2013-07-03

Details

Check Text ( C-44235r1_chk )
Review site CMD training and verify training records show that users received required training, and that training occurred before the user was issued a CMD. All CMD users must receive required training annually and prior to issuance. If training records do not show users receiving required training prior to issuance and at least annually, this is a finding.

Fix Text (F-40525r1_fix)
Develop required training for all users to complete annually and prior to being issued CMDs.