The organization must establish usage restrictions for organization controlled CMD.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35972 | SRG-MPOL-054 | SV-47288r1_rule | Medium |
| Description |
|---|
| In order to effectively control access to its information systems, the organization must define usage restrictions for CMDs. In the absence of such restrictions, users could execute unauthorized programs and/or utilities, access unauthorized websites, gain access to and/or download restricted or classified information, knowingly or unknowingly load malware to the organization's information systems, etc. Lack of usage restrictions could result in unauthorized access to, or modification or destruction of, sensitive or classified data. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44209r1_chk ) |
|---|
| Review the organization's access control and security policy, procedures addressing access control for portable and mobile devices, information system configuration settings, and associated documentation. Organizational personnel who use portable and mobile devices to access the information system will be interviewed. Verify the organization has developed and published usage restrictions for all CMDs under its control. If the access control or other appropriate security policy does not address the use of CMDs, this is a finding. |
| Fix Text (F-40499r1_fix) |
|---|
| Develop and publish usage restrictions for all organization controlled CMDs. |