Prohibit the use of mobile e-mail devices near classified data, unless expressly authorized.

UCF ID: 04597

Control Type: Process or Activity

Status: Live

Supporting and supported controls

This control directly supports:

Establish and maintain physical security of distributed IT assets. [UCF Control ID 00718]

There are no supporting controls.

Authority documents complied with:

Army Regulation 380-19: Information Systems Security, February 27, 1998, § 2-27.e; Recommended Security Controls for Federal Information Systems, NIST SP 800-53, Revision 3, App F § AC-19(4a), App F § AC-19(4b); DISA Wireless STIG Apriva Sensa Secure Wireless Email System Security Checklist, V5R2.2, Version 5 Release 2.2, § 2.1 (WIR1020), § 2.1 (WIR1040); DISA WIRELESS STIG BLACKBERRY SECURITY CHECKLIST, Version 5, Release 2.4, Version 5 Release 2.4, § 2.1 (WIR0225); DISA Wireless STIG Windows Mobile Messaging Wireless EChecklist Version 5, Release 2.4, Version 5 Release 2.4, § 2.2 (WIR2040); DISA Wireless STIG Motorola Good Mobile Wireless Email System Security Checklist, Version 5 Release 2.3, § 2.2 (WIR3040)

US Federal Security Guidance

Laptop computers should not be allowed to enter or exit sensitive compartmented information (SCI) facilities. [§ 2-27.e, Army Regulation 380-19: Information Systems Security, February 27, 1998]

NIST Guidance

App F § AC-19(4a) The organization must develop and implement policies to prohibit the use of unclassified mobile devices in facilities containing information systems processing, storing, or transmitting classified information unless specifically permitted by the appropriate authorizing official(s).
App F § AC-19(4b) The organization must develop and implement policies to restrict individuals permitted to use mobile devices in facilities containing information systems processing, storing, or transmitting classified information; connection of unclassified mobile devices to classified information systems is prohibited; authorization is required to connect an unclassified mobile device to an unclassified information system; use of internal or external modems or wireless interfaces within the mobile devices is prohibited; and mobile devices and information stored on them are subject to random inspection by security officials, and incident handling policy is implemented if classified information is found. [App F § AC-19(4a), App F § AC-19(4b), Recommended Security Controls for Federal Information Systems, NIST SP 800-53, Revision 3]

Other Configuration Guidance

§ 2.1 (WIR1020) Wireless e-mail devices should not be used to send, receive, process, or store classified messages.
§ 2.1 (WIR1040) Wireless e-mail devices should not be connected to classified networks or systems. [§ 2.1 (WIR1020), § 2.1 (WIR1040), DISA Wireless STIG Apriva Sensa Secure Wireless Email System Security Checklist, V5R2.2, Version 5 Release 2.2]

Two-way, e-mail devices should not be used near classified data, unless the device has been approved for use in the facility or the equipment is separated by a predetermined distance from the classified equipment and appropriate countermeasures are implemented. [§ 2.1 (WIR0225), DISA WIRELESS STIG BLACKBERRY SECURITY CHECKLIST, Version 5, Release 2.4, Version 5 Release 2.4]

Wireless e-mail devices should not be connected to classified Department of Defense (DoD) networks or information systems. [§ 2.2 (WIR2040), DISA Wireless STIG Windows Mobile Messaging Wireless EChecklist Version 5, Release 2.4, Version 5 Release 2.4]

Wireless e-mail devices should not be connected to classified Department of Defense (DoD) networks or information systems. [§ 2.2 (WIR3040), DISA Wireless STIG Motorola Good Mobile Wireless Email System Security Checklist, Version 5 Release 2.3]