Control 3.1.18
Control Connection of Mobile Devices
Official Requirement
Control connection of mobile devices.
What This Means in Plain English
Mobile devices like smartphones, tablets, and laptops that connect to your systems must be managed and controlled. You need policies and technical measures to govern which mobile devices can connect and under what conditions.
How Petronella Implements This Control
Petronella Technology Group implements this control through:
- Microsoft Intune Mobile Device Management (MDM) enforcing enrollment before access
- Conditional Access policies requiring device compliance (encryption, updated OS, PIN) before granting access
- Remote wipe capability for lost or stolen mobile devices
- Sophos Mobile Security on all enrolled devices providing threat detection
- ComplianceArmor mobile device acceptable use policy signed by all employees
Assessment Guidance
Assessors will verify that a mobile device policy exists, test that unmanaged devices are blocked from accessing CUI, review MDM enrollment records, and confirm that remote wipe capability exists and has been tested.
Common Implementation Gaps
- No mobile device management solution deployed
- Personal (BYOD) devices accessing CUI without controls
- No remote wipe capability for mobile devices
- Mobile devices not required to have encryption or PINs
- No mobile device acceptable use policy
Cross-Framework Mapping
| Framework | Mapped Controls |
|---|---|
| NIST SP 800-53 | AC-19 |
| HIPAA | 164.310(d)(1) - Device and Media Controls |