5.13.2—Wireless Device Risk Mitigations
Control Description
Mobile Device Management (MDM) facilitates the implementation of sound security controls for mobile devices and allows for centralized oversight of configuration control, application usage, and device protection and recovery, if so desired by the agency.
Due to the potential for inconsistent network access or monitoring capability on mobile devices, methods used to monitor and manage the configuration of full-featured operating systems may not function properly on devices with limited-feature operating systems. MDM systems and applications coupled with device specific technical policy can provide a robust method for device configuration management if properly implemented.
Devices that have had any unauthorized changes made to them (including but not limited to being rooted or jailbroken) shall not be used to process, store, or transmit CJI data at any time. User agencies shall implement the following controls when directly accessing CJI from devices running a limited-feature operating system:
1. Ensure that CJI is only transferred between CJI authorized applications and storage areas of the device.
2. MDM with centralized administration configured and implemented to perform at least the following controls:
   a. Remote locking of device
   b. Remote wiping of device
   c. Setting and locking device configuration
   d. Detection of “rooted” and “jailbroken” devices
   e. Enforcement of folder or disk level encryption
   f. Application of mandatory policy settings on the device
   g. Detection of unauthorized configurations
   h. Detection of unauthorized software or applications
   i. Ability to determine the location of agency-controlled devices
   j. Prevention of unpatched devices from accessing CJI or CJI systems
   k. Automatic device wiping after a specified number of failed access attempts
EXCEPTION: An MDM is not required when receiving CJI from an indirect access information system (i.e., the system provides no capability to conduct transactional activities on state and national repositories, applications or services). However, it is incumbent upon the authorized agency to ensure CJI is delivered to the appropriate requesting agency or individual. The CSO will make the final determination of whether access is considered indirect.