Title

Smartphone/tablet users must complete required training annually. (Cat III impact)

Discussion

Users are the first line of security controls for smartphone/tablet systems. They must be trained in using smartphone security controls or the system could be vulnerable to attack. If training is not renewed on an annual basis, users may not be informed of new security procedures or may forget previously trained procedures, which could lead to an exposure of sensitive DoD information.

Check Content

This requirement applies to mobile operating system (OS) smartphones and tablets. All smartphone users must receive required smartphone training annually. Mark as a finding if training records do not show users receiving required training at least annually.

Fix Text

Complete required training annually for all smartphone users.

Additional Identifiers

Rule ID: SV-36045r3_rule

Vulnerability ID: V-28317

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.