The organization must have written policy or training material stating CMDs must not be used to receive, transmit, or process classified messages unless specifically approved by NSA for such purposes and NSA-approved transmission and storage methods are used.

From Mobile Policy Security Requirements Guide

Associated with: CCI-001330

SV-47271r1_rule The organization must have written policy or training material stating CMDs must not be used to receive, transmit, or process classified messages unless specifically approved by NSA for such purposes and NSA-approved transmission and storage methods are used.

Vulnerability discussion

Wireless devices will not be used for processing classified data unless approved for such use as classified data could be compromised or exposed to unauthorized personnel.

Check content

Verify written policy and training material exists (or requirement is listed on a signed user agreement) stating CMDs must not be used to transmit classified information. If written policy or training material, stating CMDs must not be used to receive, transmit, or process classified information, does not exist, this is a finding.

Fix text

Develop and publish policy preventing CMDs from processing, sending, receiving, or storing classified data.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.