An error occurred:

Check: WIR-SPP-007-01

CSfC Campus WLAN Policy Security Implementation Guide: WIR-SPP-007-01 (in version v1 r2)

Title

The site Incident Response Plan or other procedure must include procedures to follow when a mobile operating system (OS) based mobile device is reported lost or stolen. (Cat III impact)

Discussion

Sensitive DoD data could be stored in memory on a DoD operated mobile operating system (OS) based CMD and the data could be compromised if required actions are not followed when a CMD is lost or stolen. Without procedures for lost or stolen mobile operating system (OS) based CMD devices, it is more likely that an adversary could obtain the device and use it to access DoD networks or otherwise compromise DoD IA.

Check Content

Detailed Policy Requirements: The site (location where CMDs are issued and managed and the site where the mobile operating system (OS) based CMD management server is located) must publish procedures to follow if a CMD has been lost or stolen. The procedures should include (as appropriate): -Mobile device user notifies IAO, SM, and other site personnel, as required by the site’s Incident Response Plan, within the timeframe required by the site’s Incident Response Plan. -The IAO notifies the mobile device management server system administrator and other site personnel, as required by the site’s Incident Response Plan, within the timeframe required by the site’s Incident Response Plan. The site mobile device management server administrator sends a wipe command to the CMD and then disables the user account on the management server or removes the CMD from the user account. -The site will contact the carrier to have the device deactivated on the carrier’s network. Check procedures: Interview the IAO. Review the site’s Incident Response Plan or other policies and determine if the site has a written plan of action. Mark as a finding if the site does not have a written plan of action following a lost or stolen CMD.

Fix Text

Publish procedures to follow if a mobile operating system (OS) based CMD is lost or stolen.

Additional Identifiers

Rule ID: SV-30699r4_rule

Vulnerability ID: V-24962

Group Title: Publish lost/stolen CMD procedures

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check