Rec. 2.d: The DoD OIG recommended that the DoD Chief Information Officer, in coordination with the Under Secretary of Defense for Intelligence and Security, develop comprehensive mobile device and mobile application policy for Components and users. The policy should, at a minimum, require DoD Components to provide regularly scheduled training to DoD mobile device users on the responsible and effective use of mobile devices and applications, including electronic messaging services, in accordance with DoD Chief Information Officer memorandum, "Mobile Application Security Requirements," October 6, 2017, and DoD Instruction 8170.01, "Online Information Management and Electronic Messaging," January 2, 2019 (Incorporating Change 1, August 24, 2021). The training should address, at a minimum, 1) Ethics guidelines to ensure compliance with DoD 5500.07-R, "Joint Ethics Regulation," August 30, 1993 (Incorporating Change 7, November 17, 2011); 2) Definitions of, difference between, and responsible use of managed and unmanaged applications on DoD mobile devices; 3) Best practices when using unmanaged applications; 4) Operational security concerns, potential threats, and risks associated with using unmanaged applications, which may contain capabilities such as location sharing (GPS tracking), personal information sharing, or may have nefarious characteristics (for example, marketing scams, and human trafficking); 5) Cybersecurity concerns associated with using unmanaged applications, which may contain malware or spyware; 6) Privacy-related concerns; 7) Records management requirements to ensure compliance with DoD Instruction 5015.02, "DoD Records Management Program," February 25, 2015 (Incorporating Change 1, August 17, 2017); 8) Information review for clearance and release authorization procedures; and 9) Accessibility standards to ensure compliance with DoD Manual 8400.01, "Accessibility of Information and Communications Technology," November 14, 2017.