Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The PDA/smartphone must be configured to require a passcode for device unlock.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25007 | WIR-MOS-PDA-010 | SV-31260r2_rule | ECWN-1 IAIA-1 | High |
| Description |
|---|
| Sensitive DoD data could be compromised if a device unlock passcode is not set up on a DoD PDA/smartphone. These devices are particularly vulnerable because they are exposed to many potential adversaries when they taken outside of the physical security perimeter of DoD facilities, and because they are easily concealed if stolen. |
| STIG | Date |
|---|---|
| PDA/Smartphone Security Technical Implementation Guide | 2011-10-07 |
Details
| Check Text ( C-31668r1_chk ) |
|---|
| Detailed Policy Requirements: PDAs and smartphones must be protected by authenticated login procedures to unlock the device. Either CAC or password authentication is required. Check Procedures: Interview the IAO and system administrator. - Verify that CAC authentication or password authentication is used on site managed PDAs. Verify authentication is required to unlock the PDA on a sample of devices at the site. Inspect 3-4 devices. |
| Fix Text (F-27657r2_fix) |
|---|
| Configure the smartphone to require a passcode for device unlock. |