From Mobile Policy Security Requirements Guide
Part of SRG-MPOL-058
Associated with: CCI-000082
If DoD issued certificates are utilized, the device may be able to connect to sites/systems that are otherwise prohibited without the certificate. Non-enterprise activated CMDs are not authorized to access DoD information. In addition, the certificate store will not be protected with AES encryption or be FIPS validated. DoD PKI certificates would be at risk of being compromised.
Review the organization's published implementation guidance on the use of non-enterprise activated CMDs to determine if DoD software certificates are prohibited from being utilized on the devices. If DoD software certificates are not prohibited, this is a finding.
Publish the organization’s implementation guidance prohibiting the use of DoD-issued software certificates on non-enterprise activated CMDs.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer