The user agreement must include a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-272517	KNOX-15-802100	SV-272517r1098324_rule		Low

Description

DOD policy states BYOAD owners must sign a user agreement and be made aware of what personal data and activities will be monitored by the Enterprise by including this information in the user agreement. Reference: DOD policy "Use of Non-Government Mobile Devices" (3.a.(3)ii, and 3.c.(4)). SFR ID: FMT_SMF_EXT.1.1 #47

STIG	Date
Samsung Android 15 BYOAD Security Technical Implementation Guide	2025-04-29

Details

Check Text (C-76598r1098322_chk)

Verify the user agreement includes a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools.

If the user agreement does not include a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools, this is a finding.

Fix Text (F-76503r1098323_fix)

Include a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools in the user agreement.