Check: WIR-SPP-004
CSfC Campus WLAN Policy Security Implementation Guide:
WIR-SPP-004
(in version v1 r2)
Title
Required procedures must be followed for the disposal of CMDs. (Cat III impact)
Discussion
If appropriate procedures are not followed prior to disposal of a CMD, an adversary may be able to obtain sensitive DoD information or learn aspects of the configuration of the device that might facilitate a subsequent attack.
Check Content
This requirement applies to mobile operating system (OS) CMDs. Prior to disposing of a CMD (for example, if a CMD is transferred to another DoD or government agency), follow the disposal procedures found in the STIG Technology Overview document of the STIG for the CMD of interest. For example, look in the BlackBerry Overview document in the BlackBerry STIG for the disposal procedures for a BlackBerry smartphone. Interview the IAO. Verify proper procedures are being followed and the procedures are documented. Check to see how retired, discarded, or transitioned CMDs were disposed of during the previous 6 – 12 months and verify compliance with requirements. Mark as a finding if procedures are not documented or if documented, they were not followed.
Fix Text
Follow required procedures prior to disposing of a CMD or transitioning it to another user.
Additional Identifiers
Rule ID: SV-30695r4_rule
Vulnerability ID: V-24958
Group Title: Follow procedures for disposal of CMDs
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |