UCF STIG Viewer Logo

ECWN-1 Wireless Computing and Network


Overview

Wireless computing and networking capabilities from workstations, laptops, personal digital assistants (PDAs), handheld computers, cellular phones, or other portable electronic devices are implemented in accordance with DoD wireless policy, as issued. (See also ECCT). Unused wireless computing capabilities internally embedded in interconnected DoD IT assets are normally disabled by changing factory defaults, settings or configurations prior to issue to end users. Wireless computing and networking capabilities are not independently configured by end users.

MAC / CONF Impact Subject Area
MACI
MACII
MACIII
High Enclave Computing Environment

Details

Threat
Wireless computing and networking provide many benefits such as portability and flexibility, increased productivity, and lower installation costs.  However, wireless networks present similar security risks to those of a wired network, and since the open airwaves are the communications medium for wireless technology, an entirely new set of risks are introduced.  Implementing wireless computing and networking capabilities in accordance with DoD wireless policy and allowing only authorized and qualified personnel to configure wireless services greatly reduces vulnerabilities.

Guidance
1. All wireless systems shall be approved by the DAA prior to installation and use for processing DoD information.
2. Personally owned wireless devices shall not be used for processing DoD information.
3. A list of all DAA approved WLAN devices shall be maintained.
4. All individual functions of multi-functional devices shall be secured.
5. Wireless devices shall be documented in the system security documentation.
6. All wireless devices, particularly laptops, shall comply with applicable operating system STIGs.
7. DoD approved anti-virus software shall be installed and configured in accordance with the Desktop Application STIG on all wireless devices, particularly laptops and PDAs, and kept up-to-date with the most recent virus definition tables.

References

  • CJCSM 6510.10, Defense-In-Depth: Information Assurance (IA) and Computer Network Defense (CND), 15 March 2002
  • CJCSI - Policy for Department of Defense (DOD) Voice Networks With Real Time Services
  • NIST SP 800-48, Wireless Network Security: 802.11, Bluetooth, and Handheld Devices, November 2002
  • DISA, Wireless Security Checklist, Version 3, Release 1.1, 01 November 2004
  • DoDD 8100.2, Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense Global Information Grid (GIG), 14 April 2004
  • DoDD 4650.1, Management and Use of the Radio Frequency Spectrum, 24 June 1987
  • DoD 5200.1-R, Information Security Program, January 1997
  • DoDD 4630.5, Interoperability and Supportability of Information Technology and National Security Systems, 11 January 2002
  • DoDI 4630.8, Procedures for Interoperability and Supportability of Information Technology and National Security Systems, 02 May 2002