The organization must make a risk-based determination for applications before they are accredited by the DAA prior to distribution or installation on a CMD.

From Mobile Policy Security Requirements Guide

Part of SRG-MPOL-003

Associated with: CCI-001455

SV-47228r1_rule The organization must make a risk-based determination for applications before they are accredited by the DAA prior to distribution or installation on a CMD.

Vulnerability discussion

CMD applications can be written and published very quickly without a thorough life cycle management process or security assessment. It is critical that all applications that reside on CMDs go through the same rigorous security evaluation as a typical COTS product, so as not to introduce malware or other risks to DoD information and networks. If an application is utilized that has not been approved for use, and a risk-based determination has not been made by the appropriate approving authority, DoD has no way of knowing what type of risk the application may pose to DoD information systems or data.

Check content

Review the organization's CMD policy to determine if it states that a risk-based determination for applications is performed before they are accredited by the DAA prior to distribution or installation on a CMD. If the organization's CMD policy does not provide for a risk-based determination and approval, prior to installation on a CMD, this is a finding.

Fix text

Include a risk-based determination and DAA accreditation for applications prior to installation on a CMD in the CMD policy.
