Check: SRG-MPOL-052
Mobile Policy SRG: SRG-MPOL-052 (in version v1 r2)
Title
The organization must follow the incident handling policy if classified information is found on mobile devices. (Cat I impact)
Discussion
In spite of the best security policies, restrictive controls, and random review procedures, incidents of leakage of classified data to unclassified CMDs are bound to occur. In these instances, the organization must have a set of defined procedures to be implemented when classified data is discovered on a CMD. Failure to have incident handling procedures defined could result in confusion in the proper handling of the incident by organization personnel, or, worst case, classified data being disclosed to unauthorized sources. This requirement applies to all CMDs. This requirement also applies to sensitive DoD information stored on CMDs that are not authorized to connect to DoD networks or store/process sensitive DoD information. Sensitive DoD data or information is defined as any data/information that has not been approved for public release by the site/Command Public Affairs Officer (PAO).
Check Content
Review the organization's access control and security policy, incident handling procedures, and any other relevant documents. Ensure the organization has defined an incident handling policy with specific actions to be implemented when classified information has been found on mobile devices. Determine if the site has had a data spill within the previous 24 months. If yes, review written records, incident reports, and/or after action reports and determine if required procedures were followed. If the incident handling policy is not being followed, this is a finding.
Fix Text
Follow all incident handling policy actions to be taken when classified information has been identified on mobile devices.
Additional Identifiers
Rule ID:
Vulnerability ID: V-35970
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001458 | The organization requires that if classified information is found on mobile devices, the incident handling policy be followed. |
Controls
Number | Title |
---|---|
AC-19 (4) | Restrictions For Classified Information |