If a data spill (Classified Message Incident (CMI)) occurs on a wireless email device or system at a site, the site must follow required data spill procedures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-24957 | WIR-SPP-003-02 | SV-30694r4_rule | VIIR-1 VIIR-2 | High |
| Description |
|---|
| If required procedures are not followed after a data spill, classified data could be exposed to unauthorized personnel. |
| STIG | Date |
|---|---|
| Smartphone Policy Security Technical Implementation Guide | 2011-06-20 |
Details
| Check Text ( C-31115r4_chk ) |
|---|
| Detailed Policy Requirements: If a data spill occurs on a smartphone, the following actions must be completed: - The smartphone management server and email servers (e.g., Exchange, Oracle mail, etc.) are handled as classified systems until they are sanitized according to appropriate procedures. (See NSA/CSS Storage Device Declassification Manual 9-12 for sanitization procedures.) - The smartphone is handled as a classified device and destroyed according to DoD guidance for destroying classified equipment or sanitized as directed in Check WIR-SPP-003-01. Check Procedures: Interview the IAO. Determine if the site has had a data spill within the previous 24 months. If yes, review written records, incident reports, and/or after action reports and determine if required procedures were followed. Mark as a finding if the site had a data spill within the previous 24 months and required procedures were not followed. |
| Fix Text (F-27583r1_fix) |
|---|
| If a data spill occurs on a wireless email device or system at a site, the site must follow required procedures. |