Title

The PDA/smartphone must be configured to require a passcode for device unlock. (Cat I impact)

Discussion

Sensitive DoD data could be compromised if a device unlock passcode is not set up on a DoD PDA/smartphone. These devices are particularly vulnerable because they are exposed to many potential adversaries when they taken outside of the physical security perimeter of DoD facilities, and because they are easily concealed if stolen.

Check Content

Detailed Policy Requirements: PDAs and smartphones must be protected by authenticated login procedures to unlock the device. Either CAC or password authentication is required. Check Procedures: Interview the IAO and system administrator. - Verify that CAC authentication or password authentication is used on site managed PDAs. Verify authentication is required to unlock the PDA on a sample of devices at the site. Inspect 3-4 devices.

Fix Text

Configure the MDM server to require a passcode for device unlock.

Additional Identifiers

Rule ID: SV-31260r1_rule

Vulnerability ID: V-25007

Group Title: Require device unlock password/passcode

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.