The mobile device used for BYOAD must be NIAP validated.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
high	V-259759	PP-BYO-000200	AIOS-17-800280	SV-259759r943602_rule	2024-01-31	1

Description
Note: For a virtual mobile infrastructure (VMI) solution, both the client and server components must be NIAP compliant. Nonapproved mobile devices may not include sufficient controls to protect work data, applications, and networks from malware or adversary attack. Components must only approve devices listed on the NIAP product compliant list or products listed in evaluation at the following links respectively: - https://www.niap-ccevs.org/Product/ - https://www.niap-ccevs.org/Product/PINE.cfm Reference: DOD policy "Use of Non-Government Mobile Devices". 3.b.(1)i. SFR ID: FMT_SMF_EXT.1.1 #47

Description

Note: For a virtual mobile infrastructure (VMI) solution, both the client and server components must be NIAP compliant. Nonapproved mobile devices may not include sufficient controls to protect work data, applications, and networks from malware or adversary attack. Components must only approve devices listed on the NIAP product compliant list or products listed in evaluation at the following links respectively: - https://www.niap-ccevs.org/Product/ - https://www.niap-ccevs.org/Product/PINE.cfm Reference: DOD policy "Use of Non-Government Mobile Devices". 3.b.(1)i. SFR ID: FMT_SMF_EXT.1.1 #47

ℹ️ Check
Verify the mobile device used for BYOAD is NIAP validated (included on the NIAP list of compliant products or products in evaluation). If the mobile device used for BYOAD is not NIAP validated (included on the NIAP list of compliant products or products in evaluation), this is a finding.

✔️ Fix
Use only mobile devices for BYOAD that are NIAP validated (included on the NIAP list of compliant products or products in evaluation).