The DOD Mobile Service Provider must not allow Samsung Android 14 BYOADs in facilities where personally owned mobile devices are prohibited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-260408 | KNOX-14-802200 | SV-260408r950735_rule | CCI-000382 | medium |
| Description | ||||
| DOD policy requires BYOAD devices with DOD data be managed by a DOD MDM server, MAM server, or VMI system. This ensures the device can be monitored for compliance with the approved security baseline and the work profile can be removed when the device is out of compliance, which protects DOD data from unauthorized exposure. Follow local physical security procedures regarding allowing or prohibiting personally owned mobile devices in a DOD facility. If BYOAD devices are brought into facilities where the AO has determined the risk of using personal devices is unacceptable, this could lead to the exposure of sensitive DOD data. SFR ID: FMT_SMF_EXT.1.1 #47 | ||||
| STIG | Date | |||
| Samsung Android 14 BYOAD Security Technical Implementation Guide | 2024-02-16 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-7
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.4.6
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000382
1.00
- DISA · 1 · disa_xccdf · related
Details
Check Text (C-260408r950735_chk)
Verify the DOD Mobile Service Provider or ISSO/ISSM do not allow BYOADs in facilities where personally owned mobile devices are prohibited.
If the DOD Mobile Service Provider or ISSO/ISSM allows BYOADs in facilities where personally owned mobile devices are prohibited, this is a finding.
Fix Text (F-64045r950734_fix)
Do not allow BYOADs in facilities where personally owned mobile devices are prohibited.