STIGQter STIGQter: STIG Summary: Mobile Device Policy Security Technical Implementation Guide (STIG) Version: 2 Release: 6 Benchmark Date: 26 Jul 2019: The mobile device system administrator must perform a wipe command on all new or reissued mobile devices and a STIG-compliant IT policy will be pushed to the device before issuing it to DoD personnel.

DISA Rule

SV-30700r6_rule

Vulnerability Number

V-24963

Group Title

Mobile device provisioning-01

Rule Version

WIR-SPP-008-01

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Perform a wipe command on all new or reissued mobile devices.

Check Contents

Detailed Policy Requirements:
The mobile device system administrator must perform a wipe command on all new or reissued mobile devices, reload system software, and load a STIG-compliant security policy on the mobile device before issuing it to DoD personnel and placing the device on a DoD network. The intent is to return the device to the factory state before the DoD software baseline is installed.

When wireless over-the-air (OTA) activation is performed, the activation password is passed to the user in a secure manner (e.g., activation password is encrypted and emailed to an individual).

Check Procedures:
Interview the ISSO. Verify required procedures are followed. If required procedures were not followed, this is a finding.

Vulnerability Number

V-24963

Documentable

False

Rule Version

WIR-SPP-008-01

Severity Override Guidance

Detailed Policy Requirements:
The mobile device system administrator must perform a wipe command on all new or reissued mobile devices, reload system software, and load a STIG-compliant security policy on the mobile device before issuing it to DoD personnel and placing the device on a DoD network. The intent is to return the device to the factory state before the DoD software baseline is installed.

When wireless over-the-air (OTA) activation is performed, the activation password is passed to the user in a secure manner (e.g., activation password is encrypted and emailed to an individual).

Check Procedures:
Interview the ISSO. Verify required procedures are followed. If required procedures were not followed, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

3521

Comments