Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19813 | WIR0045 | SV-21976r4_rule | ECWN-1 | High |
Description |
---|
With the increasing popularity of wireless networking, many OEMs embedded the wireless NIC in the computer. Although the system administrator may disable these embedded NICs, the user may purposefully or accidentally enable the device. These devices may also inadvertently transmit ambient sound or electronic signals. Therefore, simply disabling the transmit capability is an inadequate solution for computers processing classified information. In addition, embedded wireless cards do not meet DoD security requirements for classified wireless usage. |
STIG | Date |
---|---|
General Wireless Policy Security Technical Implementation Guide | 2011-04-08 |
Check Text ( C-24829r3_chk ) |
---|
Interview the IAO and inspect a sample of laptops/PCs (check about 10% if possible, with priority to laptops) used at the site for classified data processing. 1. Ask if there are laptops/PCs that are used to process classified information and have embedded wireless NICs. No embedded wireless NICs are allowed, including WLAN, Bluetooth, WMAN, cellular, etc. 2. The NIC should be physically removed. Use of methods such as tape or software disabling are not acceptable. Mark as a finding if site is using embedded wireless NICs. If this is a finding, recommend to the DAA that this is a critical finding requiring immediate action. |
Fix Text (F-20496r1_fix) |
---|
Ensure computers with embedded Wireless NICs that cannot be removed are not used to transfer, receive, store, or process classified information. |