SV-30699r6_rule
V-24962
Publish lost/stolen CMD procedures
WIR-SPP-007-01
CAT III
10
Publish procedures to follow if a mobile operating system (OS) based CMD is lost or stolen.
Detailed Policy Requirements:
The site (location where CMDs are issued and managed and the site where the mobile operating system (OS) based CMD management server is located) must publish procedures to follow if a CMD has been lost or stolen. The procedures should include (as appropriate):
- Mobile device user notifies ISSO, SM, and other site personnel, as required by the site’s Incident Response Plan, within the timeframe required by the site’s Incident Response Plan.
- The ISSO notifies the mobile device management server system administrator and other site personnel, as required by the site’s Incident Response Plan, within the timeframe required by the site’s Incident Response Plan.
- The site mobile device management server administrator sends a wipe command to the CMD and then disables the user account on the management server or removes the CMD from the user account.
- The site will contact the carrier to have the device deactivated on the carrier’s network.
Check procedures:
Interview the ISSO.
Review the site’s Incident Response Plan or other policies to determine if the site has a written plan of action.
If the site does not have a written plan of action following a lost or stolen CMD, this is a finding.
V-24962
False
WIR-SPP-007-01
M
System Administrator
1978