STIGQter: STIG Summary: Mobile Device Policy Security Technical Implementation Guide (STIG) Version: 2 Release: 6 Benchmark Date: 26 Jul 2019:

Personally owned or contractor owned mobile devices must not be used to transmit, receive, store, or process DoD information or connect to DoD networks.

DISA Rule

SV-104677r1_rule

Vulnerability Number

V-94847

Group Title

Personally-owned mobile devices (BYOD)

Rule Version

WIR0010-01

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Prohibit use of personally owned or contractor owned mobile devices (Bring Your Own Device – BYOD) at the site to transmit, receive, store, or process DoD information or connect to DoD networks.

Check Contents

Interview the site IAM and IAO and determine if personally owned or contractor owned CMDs (Bring Your Own Device – BYOD) are used at the site to transmit, receive, store, or process DoD information or connect to DoD networks.

Mark as a finding if personally owned or contractor owned CMDs (Bring Your Own Device – BYOD) are used to transmit, receive, store, or process DoD information or connect to DoD networks.

Vulnerability Number

V-94847

Documentable

False

Rule Version

WIR0010-01

Severity Override Guidance

Interview the site IAM and IAO and determine if personally owned or contractor owned CMDs (Bring Your Own Device – BYOD) are used at the site to transmit, receive, store, or process DoD information or connect to DoD networks.

Mark as a finding if personally owned or contractor owned CMDs (Bring Your Own Device – BYOD) are used to transmit, receive, store, or process DoD information or connect to DoD networks.

Check Content Reference

M

Target Key

3521

Comments