The organization's CMD Personal Use Policy must be approved by its DAA.

From Mobile Policy Security Requirements Guide

Part of SRG-MPOL-057

Associated with: CCI-000082

SV-47291r1_rule The organization's CMD Personal Use Policy must be approved by its DAA.

Vulnerability discussion

Malware can be introduced on a DoD enclave via personally-owned applications and personal website accounts. In addition, sensitive DoD data could be exposed by the same malware. The DoD component must publish a Personal Use Policy for DoD component managed or owned CMDs. The policy will provide information on allowed personal use of DoD component mobile devices, including both devices approved for connection to DoD networks and processing of sensitive data and devices not approved for connection to DoD networks and processing of DoD data (for example, non-enterprise activated devices). The policy will be approved by the DAA based on a risk-based assessment. The assessment will consider costs to the Command that could result from additional wireless service charges from personal usage of the device.

Check content

Determine if the site has a Personal Use Policy for site/Command-managed or owned CMDs. The policy must include:

- Installation of user-owned and free commercial applications.
- Viewing and/or downloading personal email.
- Download of user-owned data (music files, picture files, etc.).
- Connections to user social media accounts.
- The use of geo-location aware applications that save or transmit the location of the device. The use of geo-location aware applications should be based on an Operational Security (OPSEC) risk assessment.
- Connecting DoD managed mobile devices to personally-owned computers. (For example, a personally owned computer used to download personally-owned files to the mobile device.)

Verify the policy has been signed or otherwise approved by the site DAA.

If a Personal Use Policy for site/Command managed or owned CMDs does not exist or is not approved by the DAA, this is a finding.

Fix text

Create and publish a Personal Use Policy for DoD component managed or owned CMDs and obtain DAA approval of the policy.
