800-53|AC-19

Title

ACCESS CONTROL FOR MOBILE DEVICES

Description

The organization:

Supplemental

A mobile device is a computing device that: (i) has a small form factor such that it can easily be carried by a single individual; (ii) is designed to operate without a physical connection (e.g., wirelessly transmit or receive information); (iii) possesses local, non-removable or removable data storage; and (iv) includes a self-contained power source. Mobile devices may also include voice communication capabilities, on-board sensors that allow the device to capture information, and/or built-in features for synchronizing local data with remote locations. Examples include smart phones, E-readers, and tablets. Mobile devices are typically associated with a single individual and the device is usually in close proximity to the individual; however, the degree of proximity can vary depending upon the form factor and size of the device. The processing, storage, and transmission capability of the mobile device may be comparable to or merely a subset of desktop systems, depending upon the nature and intended purpose of the device. Due to the large variety of mobile devices with different technical characteristics and capabilities, organizational restrictions may vary for the different classes/types of such devices. Usage restrictions and specific implementation guidance for mobile devices include, for example, configuration management, device identification and authentication, implementation of mandatory protective software (e.g., malicious code detection, firewall), scanning devices for malicious code, updating virus protection software, scanning for critical software updates and patches, conducting primary operating system (and possibly other resident software) integrity checks, and disabling unnecessary hardware (e.g., wireless, infrared). Organizations are cautioned that the need to provide adequate security for mobile devices goes beyond the requirements in this control.
Many safeguards and countermeasures for mobile devices are reflected in other security controls in the catalog allocated in the initial control baselines as starting points for the development of security plans and overlays using the tailoring process. There may also be some degree of overlap in the requirements articulated by the security controls within the different families of controls. AC-20 addresses mobile devices that are not organization-controlled.

Reference Item Details

Related: AC-18, AC-20, AC-3, AC-7, CA-9, CM-2, IA-2, IA-3, MP-2, MP-4, MP-5, PL-4, SC-43, SC-7, SI-3, SI-4

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Priority: P1

Baseline Impact: LOW, MODERATE, HIGH

Audit Items

Name | Plugin | Audit Name
1.1.1 - AirWatch - Update 'firmware' to latest version | MDM | AirWatch - CIS Google Android 4 v1.0.0 L1
1.1.1 - AirWatch - Update firmware to latest version | MDM | AirWatch - CIS Apple iOS 9 v1.0.0 L1
1.1.1 - AirWatch - Update firmware to latest version | MDM | AirWatch - CIS Apple iOS 8 v1.0.0 L1
1.1.10 - AirWatch - Enable 'Airplane Mode' | MDM | AirWatch - CIS Google Android 4 v1.0.0 L2
1.1.10 - AirWatch - Turn Off AirDrop Discoverability | MDM | AirWatch - CIS Apple iOS 9 v1.0.0 L2
1.1.10 - AirWatch - Turn off Auto-Join for all Wi-Fi networks | MDM | AirWatch - CIS Apple iOS 8 v1.0.0 L2
1.1.10 - MobileIron - Enable 'Airplane Mode' | MDM | MobileIron - CIS Google Android 4 v1.0.0 L2
1.1.10 - MobileIron - Turn Off AirDrop Discoverability | MDM | MobileIron - CIS Apple iOS 9 v1.0.0 L2
1.1.10 - MobileIron - Turn off Auto-Join for all Wi-Fi networks | MDM | MobileIron - CIS Apple iOS 8 v1.0.0 L2
1.1.11 - AirWatch - Erase all data before return, recycle, reassignment, or other disposition | MDM | AirWatch - CIS Google Android 4 v1.0.0 L1
1.1.11 - AirWatch - Turn Off AirDrop Discoverability | MDM | AirWatch - CIS Apple iOS 8 v1.0.0 L2
1.1.11 - AirWatch - Turn off Wi-Fi when not needed | MDM | AirWatch - CIS Apple iOS 9 v1.0.0 L2
1.1.11 - MobileIron - Erase all data before return, recycle, reassignment, or other disposition | MDM | MobileIron - CIS Google Android 4 v1.0.0 L1
1.1.11 - MobileIron - Turn Off AirDrop Discoverability | MDM | MobileIron - CIS Apple iOS 8 v1.0.0 L2
1.1.11 - MobileIron - Turn off Wi-Fi when not needed | MDM | MobileIron - CIS Apple iOS 9 v1.0.0 L2
1.1.12 - AirWatch - Disable 'Notifications' | MDM | AirWatch - CIS Google Android 4 v1.0.0 L2
1.1.12 - AirWatch - Turn off VPN when not needed | MDM | AirWatch - CIS Apple iOS 9 v1.0.0 L1
1.1.12 - AirWatch - Turn off Wi-Fi when not needed | MDM | AirWatch - CIS Apple iOS 8 v1.0.0 L2
1.1.12 - MobileIron - Disable 'Notifications' | MDM | MobileIron - CIS Google Android 4 v1.0.0 L2
1.1.12 - MobileIron - Turn off VPN when not needed | MDM | MobileIron - CIS Apple iOS 9 v1.0.0 L1
1.1.12 - MobileIron - Turn off Wi-Fi when not needed | MDM | MobileIron - CIS Apple iOS 8 v1.0.0 L2
1.1.13 - AirWatch - Enable 'Lock SIM card' | MDM | AirWatch - CIS Google Android 4 v1.0.0 L1
1.1.13 - AirWatch - Turn off Bluetooth when not needed | MDM | AirWatch - CIS Apple iOS 9 v1.0.0 L1
1.1.13 - AirWatch - Turn off VPN when not needed | MDM | AirWatch - CIS Apple iOS 8 v1.0.0 L1
1.1.13 - MobileIron - Enable 'Lock SIM card' | MDM | MobileIron - CIS Google Android 4 v1.0.0 L1
1.1.13 - MobileIron - Turn off Bluetooth when not needed | MDM | MobileIron - CIS Apple iOS 9 v1.0.0 L1
1.1.13 - MobileIron - Turn off VPN when not needed | MDM | MobileIron - CIS Apple iOS 8 v1.0.0 L1
1.1.14 - AirWatch - Disable 'make passwords visible' | MDM | AirWatch - CIS Google Android 4 v1.0.0 L1
1.1.14 - AirWatch - Turn off Bluetooth when not needed | MDM | AirWatch - CIS Apple iOS 8 v1.0.0 L1
1.1.14 - AirWatch - Turn off Personal Hotspot when not needed | MDM | AirWatch - CIS Apple iOS 9 v1.0.0 L2
1.1.14 - MobileIron - Disable 'make passwords visible' | MDM | MobileIron - CIS Google Android 4 v1.0.0 L1
1.1.14 - MobileIron - Turn off Bluetooth when not needed | MDM | MobileIron - CIS Apple iOS 8 v1.0.0 L1
1.1.14 - MobileIron - Turn off Personal Hotspot when not needed | MDM | MobileIron - CIS Apple iOS 9 v1.0.0 L2
1.1.15 - AirWatch - Enable 'Encrypt phone' | MDM | AirWatch - CIS Google Android 4 v1.0.0 L1
1.1.15 - AirWatch - Turn off Location Services | MDM | AirWatch - CIS Apple iOS 9 v1.0.0 L2
1.1.15 - AirWatch - Turn off Personal Hotspot when not needed | MDM | AirWatch - CIS Apple iOS 8 v1.0.0 L2
1.1.15 - MobileIron - Enable 'Encrypt phone' | MDM | MobileIron - CIS Google Android 4 v1.0.0 L1
1.1.15 - MobileIron - Turn off Location Services | MDM | MobileIron - CIS Apple iOS 9 v1.0.0 L2
1.1.15 - MobileIron - Turn off Personal Hotspot when not needed | MDM | MobileIron - CIS Apple iOS 8 v1.0.0 L2
1.1.16 - AirWatch - Disable 'developer options' - 'USB Debug' | MDM | AirWatch - CIS Google Android 4 v1.0.0 L1
1.1.16 - AirWatch - Disable View in Lock Screen for apps when device is locked | MDM | AirWatch - CIS Apple iOS 9 v1.0.0 L2
1.1.16 - AirWatch - Turn off Location Services | MDM | AirWatch - CIS Apple iOS 8 v1.0.0 L2
1.1.16 - MobileIron - Disable 'developer options' - 'USB Debug' | MDM | MobileIron - CIS Google Android 4 v1.0.0 L1
1.1.16 - MobileIron - Disable View in Lock Screen for apps when device is locked | MDM | MobileIron - CIS Apple iOS 9 v1.0.0 L2
1.1.16 - MobileIron - Turn off Location Services | MDM | MobileIron - CIS Apple iOS 8 v1.0.0 L2
1.1.17 - AirWatch - Disable 'Unknown sources' | MDM | AirWatch - CIS Google Android 4 v1.0.0 L1
1.1.17 - AirWatch - Enable Automatic Downloads of App Updates | MDM | AirWatch - CIS Apple iOS 9 v1.0.0 L1
1.1.17 - AirWatch - Turn on Airplane Mode | MDM | AirWatch - CIS Apple iOS 8 v1.0.0 L2
1.1.17 - MobileIron - Disable 'Unknown sources' - Samsung SAFE | MDM | MobileIron - CIS Google Android 4 v1.0.0 L1
1.1.17 - MobileIron - Enable Automatic Downloads of App Updates | MDM | MobileIron - CIS Apple iOS 9 v1.0.0 L1