UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

General Wireless Policy Security Technical Implementation Guide


Overview

Date Finding Count (9)
2011-04-08 CAT I (High): 3 CAT II (Med): 2 CAT III (Low): 4
STIG Description
This STIG provides policy, training, and operating procedure security controls for the use of wireless devices and systems in the DoD environment. This STIG applies to any wireless device (such as WLAN Access Points and clients, Bluetooth devices, smartphones and cell phones, wireless keyboards and mice, and wireless remote access devices) used to store, process, transmit or receive DoD information.

Available Profiles



Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-12072 High Wireless devices are not permitted in a permanent, temporary, or mobile Sensitive Compartmented Information Facilities (SCIFs), unless approved by the SCIF Cognizant Security Authority (CSA) in accordance with Intelligence Community Directive 503 and Director Central Intelligence Directive (DCID) 6/9, the DAA, and the site Special Security Officer (SSO). For SME PED: This requirement is not applicable. This check will automatically be included in a security reviewer’s checklist by VMS.
V-8283 High All wireless systems (including associated peripheral devices, operating system, applications, network/PC connection methods, and services) must be approved by the Designated Approval Authority (DAA) prior to installation and use for processing DoD information.
V-19813 High Computers with an embedded wireless system must have the radio removed before the computer is used to transfer, receive, store, or process classified information.
V-14894 Medium All wireless network devices such as wireless Intrusion Detection System (IDS) and wireless routers, access points, gateways, and controllers must be located in a secure room with limited access or otherwise secured to prevent tampering or theft.
V-12106 Medium Wireless devices must not be operated in areas where classified information is electronically stored, processed, or transmitted unless required conditions are followed. Note: This requirement is Not Applicable for SME PED.
V-13982 Low All users of mobile devices or wireless devices must sign a user agreement before the mobile or wireless device is issued to the user and the user agreement used at the site does must include required content listed below.
V-8297 Low Wireless devices that connect directly or indirectly (e.g., ActiveSync, wireless, etc.) to the network will be included in the site System Security Plan (SSP).
V-8284 Low The site IAO will maintain a list of all DAA-approved wireless and non-wireless PED devices that store, process, or transmit DoD information.
V-15782 Low DAA must approve the use of personally-owned PEDs that are used to transmit, receive, store, or process DoD information. Owner must sign a forfeiture agreement in case of a security incident.