From Mobile Policy Security Requirements Guide
Part of SRG-MPOL-055
Associated with: CCI-000082
Malware can be introduced to a DoD enclave via personally-owned applications and personal website accounts. In addition, sensitive DoD data could be exposed, altered, or exfiltrated by the same malware.
Review the organization's policy to determine if it provides information on allowed personal use of site/Command mobile devices. The policy will be approved by the DAA based on a risk-based assessment. The policy must include: -Installation of user-owned and free commercial applications. -Download of user-owned data (music files, picture files, etc.). -Connections to user social media accounts. -The use of geo-location aware applications that save or transmit the location of the device. The use of geo-location aware applications should be based on an Operational Security (OPSEC) risk assessment. -Connecting DoD managed mobile devices to personally-owned computers. (For example, a personally owned computer used to download personally-owned files to the mobile device). If the organization does not have a Mobile Device Personal Use Policy detailing the requirements for downloading user owned data (music files, pictures, etc.) on the mobile device, this is a finding.
Develop a Personal Use Policy which details the requirements for downloading user owned data (music files, picture files, etc.) on the mobile device.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer