Unmanaged Device Presence

A subject operates in an environment where non-corporate, unmanaged devices can be introduced, carried, or used within organizational premises without effective restriction, monitoring, or control. These devices may include personal laptops, removable media, mobile phones, or small-form hardware capable of storage, processing, or network connectivity. Unlike sanctioned Bring Your Own Device (BYOD) arrangements, this condition exists outside formal governance, with no enforced linkage between the device and the subject's identity or role.

The presence of unmanaged devices establishes a persistent and unmonitored means through which a subject may bypass established security controls. This includes enabling offline data collection, covert data exfiltration, unauthorized recording, or the introduction of rogue systems. It also supports preparatory activity, such as staging data for removal or facilitating external interaction beyond controlled organizational channels.