V-24957 | High | If a data spill (Classified Message Incident (CMI)) occurs on a wireless email device or system at a site, the site must follow required data spill procedures. | If required procedures are not followed after a data spill, classified data could be exposed to unauthorized personnel. |
V-24955 | Medium | A data spill (Classified Message Incident (CMI)) procedure or policy must be published for site smartphones. | When a data spill occurs on a smartphone, classified or sensitive data must be protected to prevent disclosure. After a data spill, the smartphone must either be wiped using approved procedures,... |
V-24970 | Low | The smartphone management server administrator must receive required training. | The security posture of the smartphone management server could be compromised if the administrator is not trained to follow required procedures. |
V-24962 | Low | The site Incident Response Plan or other procedure must include procedures to follow when a smartphone is reported lost or stolen. | Sensitive DoD data could be stored in memory on a DoD-operated smartphone and the data could be compromised if required actions are not followed when a smartphone is lost or stolen. Without... |
V-24969 | Low | Required actions must be followed at the site when a smartphone has been lost or stolen. | If procedures for lost or stolen smartphones are not followed, it is more likely that an adversary could obtain the device and use it to access DoD networks or otherwise compromise DoD IA. |
V-28313 | Low | The smartphone management server administrator must receive required training. | The smartphone management server administrator must renew required training annually. |
V-24971 | Low | The IAO at the smartphone management server site must verify that local sites, where smartphones are provisioned, issued, and managed, are conducting annual self-assessments. | The security integrity of the smartphone system depends on local sites where smartphone handhelds are provisioned and issued complying with STIG requirements. The risk of malware introduced on a... |