Check: WIR-MOS-NS-050-03
BlackBerry Playbook OS (NEA mode):
WIR-MOS-NS-050-03
(in versions v1 r6 through v1 r2)
Title
Download of user owned data (music files, picture files, etc.) on mobile devices must be based on the Command’s Mobile Device Personal Use Policy. (Cat III impact)
Discussion
The risk of installing user owned data (music files, picture files, etc.) on a non-DoD-network connected mobile device that does not contain sensitive or classified DoD data/information should be evaluated by the DAA against mission need and how the device is intended to be used. There is a risk that user owned data (music files, picture files, etc.) could introduce malware on the device, which could impact the performance of the device and corrupt non-sensitive data stored on the device.
Check Content
Check a sample (2-3) of mobile devices managed at the site authorized to connect to a DoD network or store or process sensitive or classified DoD information. Review the Command’s Mobile Device Personal Use Policy. Determine if any user owned data (music files, picture files, etc.) are installed on the mobile device, including the SD media card. The exact procedure will vary, depending on the mobile OS. If user owned data (music files, picture files, etc.) are found, determine if these apps are authorized by the Command’s Mobile Device Personal Use Policy. Mark as a finding if unauthorized user owned data (music files, picture files, etc.) are found on site managed devices. This check is not applicable if the Command’s Mobile Device Personal Use Policy allows the download of personal data files.
Fix Text
Do not install personal data files on the mobile device unless authorized by the Command’s Mobile Device Personal Use Policy.
Additional Identifiers
Rule ID:
Vulnerability ID: V-30418
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |