The organization must have a policy and connection approval process prohibiting connection of unclassified mobile devices to classified information systems.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35957 | SRG-MPOL-039 | SV-47273r1_rule | Medium |
| Description |
|---|
| Mobile/portable computing and communications devices with information storage capability (e.g., notebook/laptop computers, personal digital assistants, cellular telephones, and digital cameras, etc.) have capabilities that could allow for the covert recording of classified information. Unclassified mobile devices must not connect to classified systems, as classified data could be compromised or exposed to unauthorized personnel. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44194r1_chk ) |
|---|
| Review the organization's access control and security policy and procedures addressing the connection of unclassified mobile devices to classified information systems. Ensure the organization has established a security policy prohibiting connection of unclassified mobile devices to classified information systems. If the organization does not have a policy and connection approval process for connecting mobile devices to information systems, this is a finding. |
| Fix Text (F-40484r1_fix) |
|---|
| Establish an access control and security policy which prohibits the connection of unclassified mobile devices to classified information systems. |