Site physical security policy must include a statement outlining whether CMDs with digital cameras (still and video) are permitted or prohibited on or in this DoD facility.

From Commercial Mobile Device (CMD) Policy Security Technical Implementation Guide (STIG)

Associated with IA controls: ECWN-1

SV-30690r4_rule Site physical security policy must include a statement outlining whether CMDs with digital cameras (still and video) are permitted or prohibited on or in this DoD facility.

Vulnerability discussion

Mobile devices with cameras are easily used to photograph sensitive information and areas if not addressed. Sites must establish, document, and train on how to mitigate this threat.

Check content

This requirement applies to mobile operating system (OS) CMDs. Work with traditional reviewer to review site’s physical security policy. Verify the site addresses CMDs with embedded cameras. If there is no written physical security policy outlining whether CMDs with cameras are permitted or prohibited on or in this DoD facility, this is a finding.

Fix text

Update the security documentation to include a statement outlining whether CMDs with digital cameras (still and video) are allowed in the facility.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.