The organization must not permit non-enterprise activated CMDs to process or store DoD sensitive information, including DoD email.

From Mobile Policy Security Requirements Guide

Part of SRG-MPOL-043

Associated with: CCI-001332

SV-47277r1_rule The organization must not permit non-enterprise activated CMDs to process or store DoD sensitive information, including DoD email.

Vulnerability discussion

Non-enterprise activated CMDs are authorized to process only non-sensitive information because they lack the security controls required to protect against tampering and malicious intent. If these devices store or process anything other than non-sensitive information, there is a high risk of malware introduction and information exfiltration.

Check content

Review the organization's policy on non-enterprise activated CMD processing and storage requirements. The policy should include language that disallows the use of such devices in processing or storing anything other than non-sensitive DoD information. The devices will not be used to connect to DoD email systems, including Outlook Web Access (OWA), or to store or process DoD email. If the policy does not disallow the use of such CMDs for processing anything other than non-sensitive information, including DoD email, this is a finding.

Fix text

Develop and publish a policy or procedure that prevents non-enterprise activated CMDs from processing or storing DoD sensitive information, including DoD email.
