Mobile Device Policy STIG (STIG) Version Comparison

There are 16 differences between versions v2 r3 (Oct. 28, 2016) (the "left" version) and v2 r6 (July 26, 2019) (the "right" version).

Check WIR-SPP-001 was added to the benchmark in the "right" version.

This check's original form is available here.

Title

Site physical security policy must include a statement outlining whether mobile devices with digital cameras (still and video) are permitted or prohibited on or in this DoD facility.

Check Content

This requirement applies to mobile operating system (OS) mobile devices. Work with traditional reviewer to review site’s physical security policy. Verify the policy addresses mobile devices CMDs with embedded cameras. If there is no written physical security policy outlining whether mobile devices with cameras are permitted or prohibited on or in this DoD facility, this is a finding.

Discussion

Mobile devices with cameras are easily used to photograph sensitive information and areas if not addressed. Sites must establish, document, and train on how to mitigate this threat.

Fix

Update the security documentation to include a statement outlining whether mobile devices with digital cameras (still and video) are allowed in the facility.