If a data spill (Classified Message Incident (CMI)) occurs on a wireless email device or system at a site, the site will follow required procedures.


Overview

Finding ID: V-24957
Version: WIR-SPP-003-02
Rule ID: SV-30694r2_rule
IA Controls: VIIR-1, VIIR-2
Severity: High
Description
If required procedures are not followed after a data spill, classified data could be exposed to unauthorized personnel.
STIG: Wireless Management Server Policy Security Technical Implementation Guide
Date: 2011-01-06

Details

Check Text (C-31115r2_chk)
Detailed Policy Requirements:
If a data spill occurs on a smartphone, the following actions must be completed:

- The smartphone management server and email servers (e.g., Exchange, Oracle mail, etc.) are handled as classified systems until they are sanitized according to appropriate procedures. (See NSA/CSS Storage Device Declassification Manual 9-12 (FOUO) for sanitization procedures.)

- The smartphone is handled as a classified device and must be destroyed according to DoD guidance for destroying classified equipment. Currently, there is no reliable method for sanitizing smartphones after a data spill.

Check Procedures:
Interview the IAO. Determine if the site has had a data spill within the previous 24 months. If yes, review written records, incident reports, and/or after action reports and determine if required procedures were followed.
Fix Text (F-27583r1_fix)
If a data spill occurs on a wireless email device or system at a site, the site must follow required procedures.