The PDA/smartphone must be configured to require a passcode for device unlock.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-25007	WIR-MOS-PDA-010	SV-31260r2_rule	ECWN-1 IAIA-1	High

Description
Sensitive DoD data could be compromised if a device unlock passcode is not set up on a DoD PDA/smartphone. These devices are particularly vulnerable because they are exposed to many potential adversaries when they taken outside of the physical security perimeter of DoD facilities, and because they are easily concealed if stolen.

STIG	Date
PDA/Smartphone Security Technical Implementation Guide	2011-10-07

Details

Check Text ( C-31668r1_chk )
Detailed Policy Requirements: PDAs and smartphones must be protected by authenticated login procedures to unlock the device. Either CAC or password authentication is required. Check Procedures: Interview the IAO and system administrator. - Verify that CAC authentication or password authentication is used on site managed PDAs. Verify authentication is required to unlock the PDA on a sample of devices at the site. Inspect 3-4 devices.

Check Text ( C-31668r1_chk )

Detailed Policy Requirements:

PDAs and smartphones must be protected by authenticated login procedures to unlock the device. Either CAC or password authentication is required.

Check Procedures:
Interview the IAO and system administrator.
- Verify that CAC authentication or password authentication is used on site managed PDAs. Verify authentication is required to unlock the PDA on a sample of devices at the site. Inspect 3-4 devices.

Fix Text (F-27657r2_fix)
Configure the smartphone to require a passcode for device unlock.