The organization must establish implementation guidance for organization-controlled portable and mobile devices.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35978 | SRG-MPOL-060 | SV-47294r1_rule | Medium |
| Description |
|---|
| In order to effectively manage and control its portable and mobile devices, the organization must develop and publish implementation guidance for these devices. Lacking implementation guidance, the organization could be faced with a myriad of configurations tasking its ability to properly manage these devices, or, worst case, provide an opportunity for malicious software/malware to be installed on these devices, which could result in unauthorized access to, modification of, or destruction of sensitive or classified data. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44215r1_chk ) |
|---|
| Review the organization's published implementation guidance (CONOPS or NETOPS plan) and configuration settings and associated documentation for organization-controlled portable and mobile devices. Ensure the organization has developed and published implementation guidance for organization controlled portable and mobile devices. If the organization does not have published configuration settings and implementation guidance such as a CONOPS or NETOPS plan, this is a finding. |
| Fix Text (F-40505r1_fix) |
|---|
| Develop and publish implementation guidance for organization-controlled portable and mobile devices. |