UCF STIG Viewer Logo

The installation of user owned applications on the mobile device must be based on the Command’s Mobile Device Personal Use Policy.


Overview

Finding ID Version Rule ID IA Controls Severity
V-30412 WIR-MOS-NS-050-01 SV-40117r2_rule ECWN-1 Low
Description
The risk of installing personally owned or freeware apps on a DoD mobile device should be evaluated by the DAA against mission need and how the device is intended to be used. There is a risk that personally owned or freeware apps could introduce malware on the device, which could impact the performance of the device and corrupt non-sensitive data stored on the device.
STIG Date
BlackBerry Playbook OS (NEA mode) Security Technical Implementation Guide (STIG) 2014-08-25

Details

Check Text ( C-39064r1_chk )
Check a sample (2-3) of mobile devices managed at the site authorized to connect to a DoD network or store or process sensitive or classified DoD information. Review the Command’s Mobile Device Personal Use policy.

Determine if any personally owned apps are installed on the mobile device, including the SD media card. The exact procedure will vary, depending on the OS. If personally owned apps are found, determine if these apps are authorized by the Command’s Mobile Device Personal Use Policy.

Mark as a finding if unauthorized personal apps are found on site managed devices. This check is not applicable if the Command’s Mobile Device Personal Use Policy allows the installation of user owned applications.
Fix Text (F-34175r1_fix)
Remove unauthorized applications.