UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network element must monitor for unauthorized connections of mobile devices to information systems.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33965 SRG-NET-000071-DNS-NA SV-44418r1_rule Medium
Description
Wireless services enable users within close proximity of access points to have access to data and services within the private network. The security boundary of a Wireless LAN extends from the client device to the network boundary where network access is controlled. This boundary represents the portion of the network most vulnerable to attack and thereby must be protected. Unless restrictions are put in place, a user connecting to the enclave via wireless access can access/perform everything he/she could access/perform as those connected via Ethernet. Monitoring will ensure unauthorized access to the enclave's resources and data will not go undetected. Use of unapproved devices to process non-publicly releasable data increases the risk to the network. Devices attached to or inserted into the end point's plug-and-play ports and slots can be a vector for the insertion of malware when used to access the network. Storage devices are portable and can be easily concealed. Requiring approval prior to use these devices heightens awareness of the threat, limits the potential use of contaminated devices, and allows for proper tracking and control. Designated Approval Authority (DAA) approval of flash memory devices is required by the United States Cyber Command (USCYBERCOM) Communications Task Order (CTO) 10-004A Removable Flash Media Device Implementation within and between Department of Defense (DoD) Networks (U/FOUO) (or latest version of this CTO). Monitoring mobile devices is not a function of DNS.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2012-10-24

Details

Check Text ( C-41976r1_chk )
This is not a function of DNS.
Fix Text (F-37880r1_fix)
This requirement is NA for DNS. No fix required.