CCI-002329

The organization defines the mobile devices that are to employ full-device or container encryption to protect the confidentiality and integrity of the information on the device.

Implementation Guidance

The organization being inspected/assessed defines and documents the mobile devices that are to employ full-device or container encryption to protect the confidentiality and integrity of the information on device. DoD has determined the mobile devices are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented mobile devices to ensure the organization being inspected/assessed defines the mobile devices that are to employ full-device or container encryption to protect the confidentiality and integrity of the information on device. DoD has determined the mobile devices are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated system security plan (SSP) 2.) Signed and dated mobile devices policy that defines the mobile devices (make and model) that are to employ full-device or container encryption to protect the confidentiality and integrity of the information on device.

The controls below (if any) were marked by NIST as being related to CCI-002329.