Title

The site physical security policy must include a statement if PDAs, smartphones, and tablets with digital cameras (still and video) are permitted or prohibited on or in the DoD facility. (Cat III impact)

Discussion

Wireless client, networks, and data could be compromised if unapproved wireless remote access is used. In most cases, unapproved devices are not managed and configured as required by the appropriate STIG and the site’s overall network security controls are not configured to provide adequate security for unapproved devices. When listed in the SSP, the site has shown that security controls have been designed to account for the wireless devices.

Check Content

This requirement applies to mobile operating system (OS) smartphones and tablets. Work with traditional reviewer to review site’s physical security policy. Verify the site addresses PDAs, smartphones, and tablets with embedded cameras. Mark this as a finding if there is no written physical security policy outlining whether wireless phones with cameras are permitted or prohibited on or in the DoD facility.

Fix Text

Update the security documentation to include a statement if PDAs, smartphones, and tablets with digital cameras (still and video) are allowed in the facility.

Additional Identifiers

Rule ID: SV-30838r3_rule

Vulnerability ID: V-25036

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.