STIGQter: STIG Summary: Commercial Mobile Device (CMD) Policy Security Technical Implementation Guide (STIG) Version: 2 Release: 5 Benchmark Date: 28 Oct 2016:

Required actions must be followed at the site when a CMD has been lost or stolen.

DISA Rule

SV-30706r5_rule

Vulnerability Number

V-24969

Group Title

Follow lost/stolen CMD procedures

Rule Version

WIR-SPP-007-02

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Follow required actions when a CMD is reported lost or stolen.

Check Contents

Interview the ISSO. Determine if any site mobile devices were reported lost or stolen within the previous 24 months. If yes, review written records, incident reports, and/or after action reports and determine if required procedures were followed.

If the site had a lost or stolen mobile device within the previous 24 months and required procedures were not followed, this is a finding.

Vulnerability Number

V-24969

Documentable

False

Rule Version

WIR-SPP-007-02

Severity Override Guidance

Interview the ISSO. Determine if any site mobile devices were reported lost or stolen within the previous 24 months. If yes, review written records, incident reports, and/or after action reports and determine if required procedures were followed.

If the site had a lost or stolen mobile device within the previous 24 months and required procedures were not followed, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

1978

Comments