The User Agreement must include a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| low | V-259756 | PP-BYO-000210 | AIOS-17-800210 | SV-259756r943593_rule | 2024-01-31 | 1 |
Description
DOD policy states BYOAD owners must sign a user agreement and be made aware of what personal data and activities will be monitored by the enterprise by including this information in the user agreement.
Reference: DOD policy "Use of Non-Government Mobile Devices" 3.a.(3)ii, and 3.c.(4).
SFR ID: FMT_SMF_EXT.1.1 #47
ℹ️ Check
Verify the user agreement includes a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools.
If the user agreement does not include a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools, this is a finding.
✔️ Fix
Include a description in the user agreement of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools.