UCF STIG Viewer Logo

The PDA/smartphone must be configured to require a passcode for device unlock.


Finding ID Version Rule ID IA Controls Severity
V-25007 WIR-MOS-PDA-010 SV-31260r1_rule ECWN-1 IAIA-1 High
Sensitive DoD data could be compromised if a device unlock passcode is not set up on a DoD PDA/smartphone. These devices are particularly vulnerable because they are exposed to many potential adversaries when they taken outside of the physical security perimeter of DoD facilities, and because they are easily concealed if stolen.
PDA Security Technical Implementation Guide (STIG) 2014-03-18


Check Text ( C-31668r1_chk )
Detailed Policy Requirements:

PDAs and smartphones must be protected by authenticated login procedures to unlock the device. Either CAC or password authentication is required.

Check Procedures:
Interview the IAO and system administrator.
- Verify that CAC authentication or password authentication is used on site managed PDAs. Verify authentication is required to unlock the PDA on a sample of devices at the site. Inspect 3-4 devices.

Fix Text (F-27657r3_fix)
Configure the MDM server to require a passcode for device unlock.