Navigate

Check: SRG-MPOL-082

Mobile Policy SRG: SRG-MPOL-082 (in version v1 r2)

Title

The organization must include procedures for lost or stolen CMDs in its Incident Response Plan or applicable Standard Operating Procedure (SOP). (Cat III impact)

Discussion

Sensitive DoD data could be stored in memory on a DoD operated CMDs and the data could be compromised if required actions are not followed when a CMD is lost or stolen. Without procedures for lost or stolen CMD, it is more likely that an adversary could obtain the device and use it to access DoD networks or otherwise compromise DoD IA. The site (location where CMDs are issued and managed and the site where the MDM server is located) must publish procedures to follow if a CMD has been lost or stolen.

Check Content

Interview the appropriate security personnel and review the site's Incident Response Plan or other policies to determine if the site has a written plan of action and procedures for lost or stolen CMDs. If the site's Incident Response Plan (IRP) does not include a written plan of action following a lost or stolen CMD, this is a finding.

Fix Text

Create and publish SOP to follow in the event a CMD is lost or stolen.

Additional Identifiers

Rule ID:

Vulnerability ID: V-36000

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000843	The organization develops an incident response plan that provides the organization with a roadmap for implementing its incident response capability; describes the structure and organization of the incident response capability; provides a high-level approach for how the incident response capability fits into the overall organization; meets the unique requirements of the organization, which relate to mission, size, structure, and functions; defines reportable incidents; provides metrics for measuring the incident response capability within the organization; and defines the resources and management support needed to effectively maintain and mature an incident response capability.

Number

Definition

CCI-000843

The organization develops an incident response plan that provides the organization with a roadmap for implementing its incident response capability; describes the structure and organization of the incident response capability; provides a high-level approach for how the incident response capability fits into the overall organization; meets the unique requirements of the organization, which relate to mission, size, structure, and functions; defines reportable incidents; provides metrics for measuring the incident response capability within the organization; and defines the resources and management support needed to effectively maintain and mature an incident response capability.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
No controls are assigned to this check