The site wireless policy or wireless remote access policy must include information on required CMD Wi-Fi security controls.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-24966 | WIR-SPP-010 | SV-30703r4_rule | ECWN-1 | Low |
| Description |
|---|
| If the policy does not include information on Wi-Fi security controls, then it is more likely that the security controls will not be implemented properly. Wi-Fi is vulnerable to a number of security breaches without appropriate controls. These breaches could involve the interception of sensitive DoD information and the use of the device to connect to DoD networks. |
| STIG | Date |
|---|---|
| Commercial Mobile Device (CMD) Policy Security Technical Implementation Guide (STIG) | 2013-03-12 |
Details
| Check Text ( C-31130r5_chk ) |
|---|
| Detailed Policy Requirements: -The site wireless security policy or wireless remote access policy shall include information on locations where CMD Wi-Fi access is approved or disapproved. The following locations will be specifically listed in the policy: -Site-managed Wi-Fi access point connected to the NIPRNet (Enclave-NIPRNet Connected). -Site-managed Wi-Fi access point connected to the Internet only (Internet Gateway Only Connection). -Public Wi-Fi Hotspot. -Hotel Wi-Fi Hotspot. -Home Wi-Fi network (user managed). Note: DoD CMD will not be used to connect to Public or Hotel Hotspots. Check Procedures: Review the site policy. Verify it contains the required information. Mark as a finding if site policy does not include information on required CMD Wi-Fi security controls. |
| Fix Text (F-27601r3_fix) |
|---|
| Publish CMD Wi-Fi security policy that includes information on required CMD Wi-Fi security controls. |