UCF STIG Viewer Logo

Final Draft General Wireless Policy Security Technical Implementation Guide


Date Finding Count (10)
2011-09-30 CAT I (High): 3 CAT II (Med): 2 CAT III (Low): 5
STIG Description
This STIG provides policy, training, and operating procedure security controls for the use of wireless devices and systems in the DoD environment. This STIG applies to any wireless device (such as WLAN Access Points and clients, Bluetooth devices, smartphones and cell phones, wireless keyboards and mice, and wireless remote access devices) used to store, process, transmit or receive DoD information.

Available Profiles

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-12072 High Wireless devices must not be allowed in a permanent, temporary, or mobile Sensitive Compartmented Information Facilities (SCIFs), unless approved by the SCIF Cognizant Security Authority (CSA) in accordance with Intelligence Community Directive 503 and Director Central Intelligence Directive (DCID) 6/9, the DAA, and the site Special Security Officer (SSO).
V-8283 High All wireless systems (including associated peripheral devices, operating system, applications, network/PC connection methods, and services) must be approved by the approval authority prior to installation and use for processing DoD information.
V-19813 High Computers with an embedded wireless system must have the radio removed before the computer is used to transfer, receive, store, or process classified information.
V-14894 Medium All wireless network devices such as wireless Intrusion Detection System (IDS) and wireless routers, access points, gateways, and controllers must be located in a secure room with limited access or otherwise secured to prevent tampering or theft.
V-12106 Medium Wireless devices must not be operated in areas where classified information is electronically stored, processed, or transmitted unless required conditions are followed.
V-13982 Low All users of mobile devices or wireless devices must sign a user agreement before the mobile or wireless device is issued to the user and the user agreement used at the site must include required content.
V-8297 Low Wireless devices connecting directly or indirectly (i.e., ActiveSync, wireless, etc.) to the network must be included in the site System Security Plan (SSP).
V-8284 Low The site IAO must maintain a list of all DAA-approved wireless and non-wireless PED devices that store, process, or transmit DoD information.
V-15782 Low DAA must approve the use of personally-owned PEDs used to transmit, receive, store, or process DoD information.
V-28314 Low If DAA has approved the use of personally-owned PEDs, the owner must sign a forfeiture agreement in case of a security incident.