UCF STIG Viewer Logo

The smartphone device Wi-Fi radio must be disabled as the default setting and is enabled only when Wi-Fi connectivity is required.


Finding ID Version Rule ID IA Controls Severity
V-25020 WIR-MOS-AND-041 SV-34999r1_rule ECWN-1 Low
The Wi-Fi radio can be used by a hacker to connect to the smartphone without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave.
Android 2.2 (Dell) Security Technical Implementation Guide 2014-08-26


Check Text ( C-34875r1_chk )
The user will never enable the Wi-Fi radio unless authorized to use Wi-Fi (User Based Enforcement (UBE)). If Wi-Fi use is authorized, the user should turn-off the smartphone Wi-Fi radio whenever Wi-Fi service is not needed.

On a sample of site-managed Android devices (pick 3-4 random devices), verify the Wi-Fi radio is turned off.

-Have the user turn on and log into the device.
-Go to Settings > Wireless & networks > Wi-Fi. Wi-Fi should be turned off.

Mark as a finding if configuration is not set as required.
Fix Text (F-27691r4_fix)
Train user to disable the CMD Wi-Fi radio unless Wi-Fi connectivity is desired for a known authorized Wi-Fi connection.