Title

Site physical security policy must include a statement if PDAs and smartphones with digital cameras (still and video) are permitted or prohibited on or in this DoD facility. (Cat III impact)

Discussion

Mobile devices with cameras are easily used to photograph sensitive information and areas if not addressed. Sites must establish, document, and train on how to mitigate this threat.

Check Content

This requirement applies to mobile operating system (OS) smartphones and tablets. Work with traditional reviewer to review site’s physical security policy. Verify the site addresses PDAs and smartphones with embedded cameras. - Mark this as a finding if there is no written physical security policy outlining whether wireless phones with cameras are permitted or prohibited on or in this DoD facility.

Fix Text

Update the security documentation to include a statement if PDAs and smartphones with digital cameras (still and video) are allowed in the facility.

Additional Identifiers

Rule ID: SV-30690r5_rule

Vulnerability ID: V-24953

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.