UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The site physical security policy must state that digital cameras (still and video) must not be allowed in any SCIF or other areas where classified documents or information is stored, transmitted, or processed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-24954 WIR-SPP-002 SV-30691r3_rule ECWN-1 High
Description
PDAs and cell phones with embedded cameras can be used to photograph classified material and can be easily concealed. Classified information could be compromised.
STIG Date
Smartphone Policy Security Technical Implementation Guide 2011-06-20

Details

Check Text ( C-31113r3_chk )
Note: This requirement also applies to handheld barcode scanners equipped with imagers, unless the manufacturer certifies that the raw image is only used for bar code processing and is not available to any other application.

Work with the traditional reviewer to interview the Security Manager. Obtain the following information:
1. Review site’s physical security policy.
2. Verify that users are informed of this policy by reviewing user agreements, posted signs, or training material.
3. Powering off, removal of batteries, or blocking Infrared (IR) ports is not acceptable for disabling camera functionality, as this method has not been tested for efficacy.
4. Mark as a finding if a written policy does not prohibit these devices in classified areas.

Note: For smartphone systems, the site should consider disabling smartphone cameras via a smartphone security policy.
Fix Text (F-27581r1_fix)
Update site physical security policy. Train users on policy.