The objective of this audit was to determine whether DoD Components implemented cybersecurity controls to protect classified mobile devices and classified information accessed, transferred, and stored on those devices, in accordance with Federal and DoD guidance. Cybersecurity controls are safeguards and countermeasures designed to protect the confidentiality, integrity, and availability of information that is processed, stored, and transmitted on or through systems and networks. Mobile devices are portable computing devices with communication capabilities, such as smart phones or tablets, designed to wirelessly transmit and receive information. We reviewed the effectiveness of select cybersecurity controls on classified mobile devices at the Defense Information Systems Agency (DISA), the U.S. European Command (USEUCOM), and two subcomponents of the U.S. Special Operations Command (USSOCOM).