STIGQter: STIG Summary: Commercial Mobile Device (CMD) Policy Security Technical Implementation Guide (STIG) Version: 2 Release: 5 Benchmark Date: 28 Oct 2016:

Site physical security policy must include a statement outlining whether CMDs with digital cameras (still and video) are permitted or prohibited on or in this DoD facility.

DISA Rule

SV-30690r4_rule

Vulnerability Number

V-24953

Group Title

Site CMD camera policy

Rule Version

WIR-SPP-001

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Update the security documentation to include a statement outlining whether CMDs with digital cameras (still and video) are allowed in the facility.

Check Contents

This requirement applies to mobile operating system (OS) CMDs.

Work with traditional reviewer to review site’s physical security policy. Verify the site addresses CMDs with embedded cameras.

If there is no written physical security policy outlining whether CMDs with cameras are permitted or prohibited on or in this DoD facility, this is a finding.

Vulnerability Number

V-24953

Documentable

False

Rule Version

WIR-SPP-001

Severity Override Guidance

This requirement applies to mobile operating system (OS) CMDs.

Work with traditional reviewer to review site’s physical security policy. Verify the site addresses CMDs with embedded cameras.

If there is no written physical security policy outlining whether CMDs with cameras are permitted or prohibited on or in this DoD facility, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

1978

Comments