Check: WIR-SPP-007-02
Commercial Mobile Device (CMD) Policy STIG (STIG):
WIR-SPP-007-02
(in version v2 r5)
Title
Required actions must be followed at the site when a CMD has been lost or stolen. (Cat III impact)
Discussion
If procedures for lost or stolen CMDs are not followed, it is more likely that an adversary could obtain the device and use it to access DoD networks or otherwise compromise DoD IA.
Check Content
Interview the ISSO. Determine if any site mobile devices were reported lost or stolen within the previous 24 months. If yes, review written records, incident reports, and/or after action reports and determine if required procedures were followed. If the site had a lost or stolen mobile device within the previous 24 months and required procedures were not followed, this is a finding.
Fix Text
Follow required actions when a CMD is reported lost or stolen.
Additional Identifiers
Rule ID: SV-30706r5_rule
Vulnerability ID: V-24969
Group Title: Follow lost/stolen CMD procedures
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |