The User Agreement must include a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-257101	AIOS-16-800210	SV-257101r904048_rule		Low

Description

DOD policy states BYOAD owners must sign a user agreement and be made aware of what personal data and activities will be monitored by the enterprise by including this information in the user agreement. Reference: DOD policy "Use of Non-Government Mobile Devices" 3.a.(3)ii, and 3.c.(4). SFR ID: FMT_SMF_EXT.1.1 #47

STIG	Date
Apple iOS/iPad OS 16 MDFPP 3.3 BYOAD Security Technical Implementation Guide	2023-08-14

Details

Check Text (C-60786r904046_chk)

Verify the user agreement includes a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools.

If the user agreement does not include a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools, this is a finding.

Fix Text (F-60727r904047_fix)

Include a description in the user agreement of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools.