Title

The organization must ensure all non-enterprise activated CMD users complete Operational Security (OPSEC) training that provides use guidelines and vulnerability mitigation techniques. (Cat II impact)

Discussion

Improper use of CMD devices can compromise both the CMD and the network, as well as, expose DoD data to unauthorized individuals. Without adequate OPSEC training, users are more likely to engage in behaviors that make DoD networks and information more vulnerable to security exploits. The security personnel and the site CMD device administrators must ensure non-enterprise activated CMD users receive OPSEC training.

Check Content

Review the site's training policy to determine if users are required to complete OPSEC training for the use of non-enterprise activated CMDs. If non-enterprise activated CMD users are not required to complete OPSEC training, this is a finding.

Fix Text

Develop and publish policy mandating all non-enterprise activated CMD users complete Operational Security (OPSEC) training that provides use guidelines and vulnerability mitigation techniques.

Additional Identifiers

Rule ID:

Vulnerability ID: V-35997

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.