Title

Site physical security policy must include a statement outlining whether CMDs with digital cameras (still and video) are permitted or prohibited on or in this DoD facility. (Cat III impact)

Discussion

Mobile devices with cameras are easily used to photograph sensitive information and areas if not addressed. Sites must establish, document, and train on how to mitigate this threat.

Check Content

This requirement applies to mobile operating system (OS) CMDs. Work with traditional reviewer to review site’s physical security policy. Verify the site addresses CMDs with embedded cameras. If there is no written physical security policy outlining whether CMDs with cameras are permitted or prohibited on or in this DoD facility, this is a finding.

Fix Text

Update the security documentation to include a statement outlining whether CMDs with digital cameras (still and video) are allowed in the facility.

Additional Identifiers

Rule ID: SV-30690r4_rule

Vulnerability ID: V-24953

Group Title: Site CMD camera policy

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.