CCI-001335

Defines security officials to perform reviews and inspections of unclassified mobile devices in facilities containing systems processing, storing, or transmitting classified information.

Implementation Guidance

Determine if: - random review and inspection of unclassified mobile devices and the information stored on those devices by [AC-19(04)_ODP[01]; security officials responsible for the review and inspection of unclassified mobile devices and the information stored on those devices are defined] are enforced. - following of the incident handling policy is enforced if classified information is found during a random review and inspection of unclassified mobile devices.

Validation Procedures

Examine: [SELECT FROM: Access control policy; incident handling policy; procedures addressing access control for mobile devices; system design documentation; system configuration settings and associated documentation; evidentiary documentation for random inspections and reviews of mobile devices; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel responsible for random reviews/inspections of mobile devices; organizational personnel using mobile devices in facilities containing systems processing, storing, or transmitting classified information; organizational personnel with incident response responsibilities; system/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Mechanisms prohibiting the use of internal or external modems or wireless interfaces with mobile devices].

The controls below (if any) were marked by NIST as being related to CCI-001335.