Title

The organization must explicitly specify in each sites physical security policy whether CMDs, containing cameras, are permitted at that site. (Cat III impact)

Discussion

CMDs with cameras are easily used to photograph sensitive information and areas if not addressed. Sites must establish, document, and train on how to mitigate this threat.

Check Content

Review site's physical security policy. Verify the site addresses CMDs with embedded cameras. If there is no written physical security policy outlining whether CMDs with cameras are permitted or prohibited on or in the DoD facility, this is a finding.

Fix Text

Update the security documentation to include a statement of whether CMDs with cameras (still and video) are allowed in the facility.

Additional Identifiers

Rule ID:

Vulnerability ID: V-35977

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.