Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32263 | IS-16.02.04 | SV-42580r2_rule | DCNR-1 ECCR-1 | Medium |
Description |
---|
Failure to handle CUI in an approved manner can result in the loss or compromise of sensitive information. |
STIG | Date |
---|---|
Traditional Security | 2013-07-11 |
Check Text ( C-40774r3_chk ) |
---|
Check to ensure the following standards concerning encryption of data-at-rest are met: In accordance with DoD policy, all unclassified DoD data that has not been approved for public release and is stored on mobile computing devices or removable storage media must be encrypted using commercially available encryption technology. This requirement includes all CUI as well as other unclassified information that has not been reviewed and approved for public release. This includes certain Personally Identifiable Information (PII). See ASD(NII) Memorandum, Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media, 3 Jul 07 for detailed guidance. TACTICAL ENVIRONMENT: The check is applicable for all tactical processing environments. |
Fix Text (F-36188r1_fix) |
---|
Ensure the following standards concerning encryption of data-at-rest are met: In accordance with DoD policy, all unclassified DoD data that has not been approved for public release and is stored on mobile computing devices or removable storage media must be encrypted using commercially available encryption technology. This requirement includes all CUI as well as other unclassified information that has not been reviewed and approved for public release. This includes certain Personally Identifiable Information (PII). See ASD(NII) Memorandum, Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media, 3 Jul 07 for detailed guidance. |