Only managed, compliant phones and tablets can connect to CUI.
What it actually means
Phones and tablets that touch CUI must be brought under mobile device management (MDM, e.g., Intune) and gated by conditional access, so that only enrolled, compliant devices connect. An unmanaged personal phone reaching CUI is exactly what this control stops.
Pass or fail — an assessor needs a "yes" to each
- Mobile devices that access CUI are enrolled in MDM.
- Conditional access blocks non-compliant devices.
- A policy governs what mobile devices may connect and how.
What to have ready
- MDM (Intune) enrollment + compliance policies
- Conditional-access policy
- Mobile device policy
Where teams trip up
- Personal phones syncing CUI email with no management
- No conditional access — any device can connect once logged in
- BYOD with no enrollment requirement
Not Applicable only if no mobile devices connect to CUI (document it).
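One way to check the "conditional access blocks non-compliant devices" item against a tenant export, as an added example that is not part of the original page: the script reads policies in the shape of the Microsoft Graph conditionalAccessPolicy resource and reports why each one would still let an unmanaged phone through. The sample policies and function names are constructed for illustration; user and application scoping and block-type policies are not evaluated.

```python
# Added example (not from the original page). Field names follow the Microsoft
# Graph conditionalAccessPolicy resource; SAMPLE is constructed for illustration.
MOBILE = {"android", "iOS"}

def covered_mobile(policy):
    """Mobile platforms the policy applies to; no platform condition means all."""
    plat = (policy.get("conditions") or {}).get("platforms")
    if not plat:
        return set(MOBILE)
    inc = set(plat.get("includePlatforms") or [])
    exc = set(plat.get("excludePlatforms") or [])
    inc = set(MOBILE) if "all" in inc else inc & MOBILE
    return inc - exc

def audit_policy(policy):
    """Return the reasons this policy does not enforce compliance on mobile."""
    findings = []
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if policy.get("state") != "enabled":
        findings.append(f"state is {policy.get('state')!r}, not enforced")
    if "compliantDevice" not in controls:
        findings.append("does not require a compliant device")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        findings.append("compliantDevice is optional (OR with other controls)")
    missing = MOBILE - covered_mobile(policy)
    if missing:
        findings.append("mobile platforms not covered: " + ", ".join(sorted(missing)))
    return findings

def mobile_enforced(policies):
    """True if at least one policy enforces compliance on both iOS and Android."""
    return any(not audit_policy(p) for p in policies)

SAMPLE = [  # constructed policies
    {"displayName": "Require MFA", "state": "enabled",
     "conditions": {"platforms": None},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Mobile compliance (pilot)",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"platforms": {"includePlatforms": ["android", "iOS"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}},
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p["displayName"], "->", audit_policy(p) or "OK")
    print("mobile compliance enforced:", mobile_enforced(SAMPLE))
```

Both sample policies fail: the first never asks for device compliance, and the second is report-only and lets MFA satisfy the grant instead of compliance.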