From Mobile Policy Security Requirements Guide
Part of SRG-MPOL-074
Associated with: CCI-000089
Despite the implementation of viable countermeasures on mobile devices, upon return from a high risk location, each device should be treated as if it has been compromised. The mobile device should be meticulously inspected for the existence of malware or unauthorized access to, or modification, deletion or destruction of data stored on the mobile device. The inspection is intended to isolate the compromise of the mobile device, thereby preventing promulgation to other organization information systems. If a mobile device has been compromised, organization personnel should initiate additional preventive measures to sanitize the mobile device. If sanitization is not possible, the mobile device should be destroyed.
Interview organization personnel to ensure high risk mobile device inspection and preventive measures are understood, executed, and an audit trail is maintained to document actions taken for each high risk mobile device. NOTE: Inspections should be completed before returning devices are connected to a DoD network. If inspection and preventative measures are not employed for devices returning from high risk locations, this is a finding.
Document the inspection and preventive measures applied to each mobile device returning from a high risk location, ensuring organization defined inspection and preventative measures are being applied.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer