The organization must ensure all non-enterprise activated CMD users complete Operational Security (OPSEC) training that provides use guidelines and vulnerability mitigation techniques.

From Mobile Policy Security Requirements Guide

Associated with: CCI-001566

SV-47313r1_rule The organization must ensure all non-enterprise activated CMD users complete Operational Security (OPSEC) training that provides use guidelines and vulnerability mitigation techniques.

Vulnerability discussion

Improper use of CMD devices can compromise both the CMD and the network, as well as, expose DoD data to unauthorized individuals. Without adequate OPSEC training, users are more likely to engage in behaviors that make DoD networks and information more vulnerable to security exploits.The security personnel and the site CMD device administrators must ensure non-enterprise activated CMD users receive OPSEC training.

Check content

Review the site's training policy to determine if users are required to complete OPSEC training for the use of non-enterprise activated CMDs. If non-enterprise activated CMD users are not required to complete OPSEC training, this is a finding.

Fix text

Develop and publish policy mandating all non-enterprise activated CMD users complete Operational Security (OPSEC) training that provides use guidelines and vulnerability mitigation techniques.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.