The organization must execute its incident response plan or applicable Standard Operating Procedure (SOP) when a CMD is reported lost or stolen.

From Mobile Policy Security Requirements Guide

Part of SRG-MPOL-081

Associated with: CCI-000836

SV-47315r1_rule The organization must execute its incident response plan or applicable Standard Operating Procedure (SOP) when a CMD is reported lost or stolen.

Vulnerability discussion

If procedures for lost or stolen CMDs are not followed, it is more likely that an adversary could obtain the device and use it to access DoD networks or otherwise compromise DoD information systems and data.

Check content

Determine if any site mobile devices were reported lost or stolen within the previous 24 months. If yes, review written records, incident reports, and/or after action reports and determine if required procedures were followed. If the site had a lost or stolen mobile device within the previous 24 months and required procedures were not followed, this is a finding.

Fix text

Follow required actions when a CMD is reported lost or stolen.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer