UCF STIG Viewer Logo

Smartphone Policy Security Technical Implementation Guide



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-24960 High Smartphone devices and systems will not be used to send, receive, store, or process classified messages, unless approved.
V-24957 High If a data spill (Classified Message Incident (CMI)) occurs on a wireless email device or system at a site, the site will follow required procedures.
V-24954 High PDAs/smartphones with digital cameras (still and video) will not be allowed in any SCIF or other areas where classified documents or information is stored, transmitted, or processed.
V-24965 Medium Smartphone Instant Messaging (IM) client application will connect to a DoD controlled IM server that is compliant with the Instant Messaging STIG.
V-24955 Medium A data spill (Classified Message Incident (CMI)) procedure or policy will be published for site smartphones.
V-24966 Low The site wireless policy or wireless remote access policy will include information on required smartphone Wi-Fi security controls.
V-24964 Low Smartphone software updates will only originate from DoD sources.
V-24963 Low Smartphone SA will perform a “Wipe” command on all new or reissued smartphones and a STIG-compliant IT policy will be pushed to the device before issuing it to DoD personnel.
V-24961 Low Smartphone users will complete required training.
V-24958 Low Required procedures will be followed for the disposal of smartphones.
V-24953 Low Site physical security policy will include a statement if PDAs and smartphones with digital cameras (still and video) are allowed in the facility.
V-24969 Low Required actions will be followed at the site when a smartphone has been lost or stolen.
V-24968 Low Smartphones will be provisioned so that users can digitally sign and encrypt e-mail notifications or other email messages required by DoD policy. DAA approval will be obtained prior to the use of software PKI certificates on smartphones.
V-25036 Low If wireless remote access is approved for use, the site's SSP will include wireless remote access equipment and locations (site network Wi-Fi, home, hotel, public hotspots, etc.) approved for site personnel.
V-25034 Low Users will receive training on required topics before they are authorized to access a DoD network via a wireless remote access device.
V-25035 Low The site will have a Wireless Remote Access Policy that has been signed by the site DAA, Commander, Director, or other appropriate managers.
V-24962 Low The site Incident Response Plan or other procedure will include procedures to follow when a smartphone is reported lost or stolen.