Check: SRG-MPOL-037
Mobile Policy SRG: SRG-MPOL-037 (in version v1 r2)
Title
The organization must have written policy or training material stating CMDs must not be used to receive, transmit, or process classified messages unless specifically approved by NSA for such purposes and NSA-approved transmission and storage methods are used. (Cat I impact)
Discussion
Wireless devices will not be used for processing classified data unless approved for such use, as classified data could be compromised or exposed to unauthorized personnel.
Check Content
Verify that written policy and training material exist (or that the requirement is listed on a signed user agreement) stating CMDs must not be used to transmit classified information. If written policy or training material stating CMDs must not be used to receive, transmit, or process classified information does not exist, this is a finding.
Fix Text
Develop and publish policy preventing CMDs from processing, sending, receiving, or storing classified data.
Additional Identifiers
Rule ID:
Vulnerability ID: V-35955
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001330 | The organization prohibits the use of unclassified mobile devices in facilities containing information systems processing, storing, or transmitting classified information unless specifically permitted by the authorizing official. |
Controls
Number | Title |
---|---|
AC-19 (4) | Restrictions For Classified Information |