From Mobile Policy Security Requirements Guide
Part of SRG-MPOL-052
Associated with: CCI-001458
In spite of the best security policies, restrictive controls, and random review procedures, incidents of leakage of classified data to unclassified CMDs are bound to occur. In these instances, the organization must have a set of defined procedures to be implemented when classified data is discovered on a CMD. Failure to have incident handling procedures defined could result in confusion in the proper handling of the incident by organization personnel, or, in the worst case, classified data being disclosed to unauthorized sources. This requirement applies to all CMDs.
Review the organization's access control and security policy, incident handling procedures, and any other relevant documents. Ensure the organization has defined an incident handling policy with specific actions to be implemented when classified information has been found on mobile devices. Determine if the site has had a data spill within the previous 24 months. If yes, review written records, incident reports, and/or after action reports and determine if required procedures were followed. If the incident handling policy is not being followed, this is a finding.
Follow all incident handling policy actions to be taken when classified information has been identified on mobile devices.