UCF STIG Viewer Logo

A personal firewall must be implemented on each PDA / smartphone that is used to connect to the Internet or DoD network.


Finding ID Version Rule ID IA Controls Severity
V-18621 WIR-MOS-PDA-031 SV-31700r2_rule ECWN-1 Low
Without a personal firewall, the PDA / Smartphone is susceptible to vulnerability scanning and malware attacks from the Internet and other networks to which it may intentionally or inadvertently connect.
PDA/Smartphone Security Technical Implementation Guide 2011-10-07


Check Text ( C-22303r1_chk )
Inspect a sample (3-4) PDAs used at the site to connect to the Internet or DoD network. Verify the software is:
- Able to block both inbound and outbound ports and services as needed
- Configured for automatic updates from a trusted site every 14 days (if this feature is available) or the user has been trained to manually download updates every 14 days (check user agreement or training records).
- Configured to block known DDoS ports and unneeded services as identified by the local SA.
- NIAP validated. If an NIAP approved personal firewall is not available for the PDA operating system, sites must select commercial products which are from major vendors with preference given to products tested or already used by other DoD organizations.
Mark as a finding if any of these requirements are not met.

Note: Personal firewall features are included in many PDA antivirus products.

Note: This requirement does not apply to any handheld PDA that is not used to connect to the internet or a DoD computer or network. It does not apply to handheld bar-code or RFID scanners that are connected to a DoD computers to download scanned data (handheld is used only as a bar-code / RFID scanner). Also, this requirement does not apply to phones that only have the capability for voice calls only, including wireless VoIP and Unlicensed Mobile Access (UMA) (no data, Internet connections other than for voice calls over wireless VoIP and UMA).
Fix Text (F-11479r2_fix)
Comply with DoD policy.