Title

The IAO at the smartphone management server site must verify that local sites, where smartphones are provisioned, issued, and managed, are conducting annual self assessments. (Cat III impact)

Discussion

The security integrity of the smartphone system depends on local sites where smartphone handhelds are provisioned and issued complying with STIG requirements. The risk of malware introduced on a handheld device and avenues of attack into the enclave via a smartphone device could result if STIG procedures are not followed.

Check Content

Annual self assessments will be conducted according to the appropriate smartphone STIG, with the assessment results being entered into VMS/Component Provided Tracking Database. Verify the IAO of the site, where the smartphone management server is located, is tracking local/remote sites (where smartphone devices are provisioned, issued, and managed) are conducting annual self assessments according to the appropriate smartphone STIG. Verify the results of the assessments are being entered into VMS/Component Provided Tracking Database. Note: Command-level action should be considered for local sites not complying with STIG requirements for the provisioning, issuance, and managements of smartphones. Mark as a finding if required annual self assessments have not been completed by the site.

Fix Text

The IAO at the smartphone management server site has verified local sites are conducting annual self assessments.

Additional Identifiers

Rule ID: SV-30708r3_rule

Vulnerability ID: V-24971

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.