Check: SRG-MPOL-083
Mobile Policy SRG:
SRG-MPOL-083
(in version v1 r2)
Title
The organization must follow required procedures for the disposal of CMDs. (Cat III impact)
Discussion
If appropriate procedures are not followed prior to disposal of a CMD, an adversary may be able to obtain sensitive DoD information or learn aspects of the configuration of the device that might facilitate a subsequent attack.
Check Content
This requirement applies to mobile operating system (OS) CMDs. Prior to disposing of a CMD or if the CMD is transferred to another DoD or government agency, follow the disposal procedures found in the appropriate security implementation guide for the CMD of interest. Verify proper procedures are being followed and the procedures are documented. Check to see how retired, discarded, or transitioned CMDs were disposed of during the previous 6 - 12 months and verify compliance with requirements. If procedures are not documented or if documented, they were not followed, this is a finding.
Fix Text
Prior to disposing of a CMD or transitioning it to another user, either in DoD or another agency, follow required procedures.
Additional Identifiers
Rule ID:
Vulnerability ID: V-36001
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001028 |
The organization sanitizes organization-defined information system media prior to disposal, release out of organizational control, or release for reuse using organization-defined sanitization techniques and procedures in accordance with applicable federal and organizational standards and policies. |
Controls
| Number | Title |
|---|---|
| MP-6 |
Media Sanitization |