Title

The organization must apply organization defined inspection and preventative measures to mobile devices returning from locations the organization deems to be of significant risk to DoD information systems. (Cat II impact)

Discussion

Despite the implementation of viable countermeasures on mobile devices, upon return from a high risk location, each device should be treated as if it has been compromised. The mobile device should be meticulously inspected for the existence of malware or unauthorized access to, or modification, deletion or destruction of data stored on the mobile device. The inspection is intended to isolate the compromise of the mobile device, thereby preventing promulgation to other organization information systems. If a mobile device has been compromised, organization personnel should initiate additional preventive measures to sanitize the mobile device. If sanitization is not possible, the mobile device should be destroyed.

Check Content

Interview organization personnel to ensure high risk mobile device inspection and preventive measures are understood, executed, and an audit trail is maintained to document actions taken for each high risk mobile device. NOTE: Inspections should be completed before returning devices are connected to a DoD network. If inspection and preventative measures are not employed for devices returning from high risk locations, this is a finding.

Fix Text

Document the inspection and preventive measures applied to each mobile device returning from a high risk location, ensuring organization defined inspection and preventative measures are being applied.

Additional Identifiers

Rule ID:

Vulnerability ID: V-35992

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.