According to AC.L2-3.1.18, what is required for mobile device connections in OSCs?

The requirement that mobile device connections must be monitored and logged is crucial for maintaining security within Organizational Security Controls (OSCs). This practice helps ensure that any interaction with the devices is accounted for, allowing for the detection of unauthorized access or anomalies in usage patterns. Monitoring and logging mobile device connections enable organizations to track user activities, identify potential security incidents, and comply with regulations regarding the protection of Controlled Unclassified Information (CUI).

This measure is part of a broader strategy to safeguard data, reinforcing the importance of maintaining an audit trail that can be referenced in response to security incidents or compliance assessments. By effectively monitoring and logging mobile device connections, organizations can enhance their overall security posture, respond to threats more proactively, and ensure that sensitive information is protected throughout its lifecycle.