The organization must not permit personnel to operate CMD without first signing a user agreement IAW DoD CIO Memorandum, Policy on Use of Department of Defense (DoD) Information Systems Standard Consent Banner and User Agreement, 9 May 2008.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36005 | SRG-MPOL-086 | SV-47321r1_rule | Low |
| Description |
|---|
| Lack of user training and understanding of responsibilities to safeguard wireless technology is a significant vulnerability to the enclave. Once policies are established, users must be trained to these requirements or the risk to the network remains. User agreements are particularly important for mobile and remote users since there is a high risk of loss, theft, or compromise. Thus, this signed agreement is a good best practice to help ensure the site is confirming the user is aware of the risks and proper procedures. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-44242r2_chk ) |
|---|
| The user agreements must include DAA authorized tasks for the mobile device and relevant security requirements, including, the DoD CIO Memorandum, "Policy on Use of Department of Defense (DoD) Information Systems Standard Consent Banner and User Agreement," 9 May 2008. Inspect a copy of the site's user agreement. Verify the user agreement has the minimum elements required IAW the DoD CIO Memorandum. If the site user agreements do not exist or are not compliant with the minimum requirements, this is a finding. |
| Fix Text (F-40532r1_fix) |
|---|
| Develop and publish policy mandating all users sign a user agreement before they are issued a mobile or wireless device. |