AC.L2-3.1.18—Mobile Device Connection
Level 2
800-171: 3.1.18
>Control Description
Control connection of mobile devices.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What is your mobile device management policy?
- •How do you govern which mobile devices can connect to organizational systems?
- •What is your approval process for mobile device access?
- •How do you handle employee-owned versus company-owned devices (BYOD policy)?
Technical Implementation:
- •What mobile device management (MDM) solution do you use?
- •How do you technically control which mobile devices can connect?
- •What configurations are pushed to mobile devices via MDM?
- •What security controls are enforced on mobile devices (encryption, PIN)?
- •How do you remotely wipe lost or stolen mobile devices?
Evidence & Documentation:
- •What documentation demonstrates your access control policies and procedures?
- •What access control matrices or permissions documentation can you provide?
- •What access request and approval records can you show?
- •What access review documentation demonstrates periodic reviews?
- •What audit logs demonstrate access control enforcement?
- •What screenshots or configuration exports show access control settings?
Ask AI
Configure your API key to use AI features.