An error occurred:

Wireless Management Server Policy Version Comparison

Wireless Management Server Policy Security Technical Implementation Guide

Comparison

There are 5 differences between versions v1 r4 (Nov. 23, 2011) (the "left" version) and v1 r6 (Oct. 26, 2012) (the "right" version).

Check WIR-SPP-007-01 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Text Differences

Title

The site Incident Response Plan or other procedure must include procedures to follow when a mobile operating system (OS) based smartphone or tablet device is reported lost or stolen.

Check Content

Detailed Policy Requirements: This Requirements: The requirement applies to mobile operating system (OS) smartphones and tablets. The site (location where smartphones are issued and managed and the site where the mobile operating system (OS) based smartphone Smartphone and tablet device management server is located) must publish procedures to follow if a smartphone has been lost or stolen. The procedures should include (as appropriate): -Smartphone appropriate): -Mobile device user notifies IAO, SM, and other site personnel, as required by the site’s Incident Response Plan, within the timeframe required by the site’s Incident Response Plan. -The IAO notifies the smartphone mobile device management server system administrator and other site personnel, as required by the site’s Incident Response Plan, within the timeframe required by the site’s Incident Response Plan. The site smartphone mobile device management server administrator sends a wipe command to the smartphone and then disables the user account on the management server or removes the smartphone from the user account. Check account. -The site will contact the carrier to have the device deactivated on the carrier’s network. Check procedures: Interview the IAO. Review the site’s Incident Response Plan or other policies and determine if the site has a written plan of action. Mark as a finding if the site does not have a written plan of action following a lost or stolen smartphone. smartphone or tablet.

Discussion

Sensitive DoD data could be stored in memory on a DoD operated mobile operating system (OS) based smartphone Smartphone and tablet device and the data could be compromised if required actions are not followed when a smartphone is lost or stolen. Without procedures for lost or stolen mobile operating system (OS) based smartphones, Smartphone and tablet devices, it is more likely that an adversary could obtain the device and use it to access DoD networks or otherwise compromise DoD IA.

Fix

Publish procedures to follow if a mobile operating system (OS) based smartphone or tablet device is lost or stolen.