Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-36593 | WIR-CWLAN-04 | SV-48095r1_rule | ECWN-1 | Medium |
Description |
---|
DoD CIO Memorandum, “Use of Commercial Mobile Device (CMD) in the Department of Defense (DoD)”, 6 Apr 2011, requires specific security controls be implemented in the DoD because these technologies “adds a new element of risk to DoD information”. Classified DoD networks and/or data could be exposed if required controls are not implemented for CMDs that operate as components of a campus WLAN system that is based on the CSfC Campus IEEE 802.11 Wireless Local Area Network (WLAN) Capability Package. |
STIG | Date |
---|---|
CSfC Campus WLAN Policy Security Implementation Guide (STIG) | 2013-03-12 |
Check Text ( C-44833r2_chk ) |
---|
Interview the IAM and/or the IAO. Determine if CMDs are used as components of the campus WLAN system that is based on the CSfC Campus IEEE 802.11 Wireless Local Area Network (WLAN) Capability Package. If yes, verify the following key requirements in the DoD CIO memo have been implemented: -The CMDs are managed and controlled by an enterprise management system (Mobile Device Management (MDM) server). -Software and applications must be installed from an approved source (e.g., DoD application store). If CMDs are used as components of the campus WLAN system that is based on the Campus IEEE 802.11 Wireless Local Area Network (WLAN) Capability Package and requirements of the DoD CIO memo are not implemented, this is a finding. |
Fix Text (F-41232r1_fix) |
---|
Implement key requirements of the DoD CIO Memorandum, “Use of Commercial Mobile Device (CMD) in the Department of Defense (DoD). |