Skip to content

The mobile device used for BYOAD must be NIAP validated.

An XCCDF Rule

Description

<VulnDiscussion>Nonapproved mobile devices may not include sufficient controls to protect work data, applications, and networks from malware or adversary attack. Components must only approve devices listed on the NIAP product compliant list or products listed in evaluation at the following links respectfully: - https://www.niap-ccevs.org/Product/ - https://www.niap-ccevs.org/Product/PINE.cfm Reference: DOD policy "Use of Non-Government Mobile Devices" (3.b.(1)i). SFR ID: FMT_SMF_EXT.1.1 #47</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-258474r929238_rule
Severity
High
References
Updated



Remediation - Manual Procedure

Use only mobile devices for BYOAD that are NIAP validated (included on the NIAP list of compliant products or products in evaluation).