Check: WIR-SPP-008-01
Mobile Device Policy STIG (STIG):
WIR-SPP-008-01
(in version v2 r6)
Title
The mobile device system administrator must perform a wipe command on all new or reissued mobile devices and a STIG-compliant IT policy will be pushed to the device before issuing it to DoD personnel. (Cat III impact)
Discussion
Malware can be installed on the device at some point between shipping from the factory and delivery to DoD. The malware could result in the compromise of sensitive DoD information or result in the introduction of malware within the DoD network.
Check Content
Detailed Policy Requirements: The mobile device system administrator must perform a wipe command on all new or reissued mobile devices, reload system software, and load a STIG-compliant security policy on the mobile device before issuing it to DoD personnel and placing the device on a DoD network. The intent is to return the device to the factory state before the DoD software baseline is installed. When wireless over-the-air (OTA) activation is performed, the activation password is passed to the user in a secure manner (e.g., activation password is encrypted and emailed to an individual). Check Procedures: Interview the ISSO. Verify required procedures are followed. If required procedures were not followed, this is a finding.
Fix Text
Perform a wipe command on all new or reissued mobile devices.
Additional Identifiers
Rule ID: SV-30700r6_rule
Vulnerability ID: V-24963
Group Title: Mobile device provisioning-01
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |