Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-8284 | WIR0015 | SV-8779r15_rule | DCHW-1 | Low |
Description |
---|
The site must maintain a list of all DAA-approved wireless devices. Close tracking of authorized wireless devices will facilitate the search for rogue devices. Sites must keep good inventory control over wireless and handheld devices that are used to store, process, and transmit DoD data since these devices can be easily lost or stolen leading to possible exposure of DoD data. |
STIG | Date |
---|---|
General Wireless Policy Security Technical Implementation Guide | 2011-06-20 |
Check Text ( C-7600r10_chk ) |
---|
Detailed Policy Requirements: The list will be stored in a secure location and will include the following at a minimum: -Access point Media Access Control (MAC) address (WLAN only) -Access point IP address (WLAN only) -Wireless client IP address -Wireless client MAC address -Wireless channel set for each access point (WLAN only) -Network DHCP range (WLAN & WWAN only) -Type of encryption enabled -Encryption key used -Access point SSID (WLAN only) -Manufacturer, model number, and serial number of wireless equipment -Equipment location -Assigned users with telephone numbers For smartphones and PDAs: -Manufacturer, model number, and serial number of wireless equipment -Equipment location -Assigned users with telephone numbers For SME PED: Local commands will keep track of devices by assigning a control number or using the serial number for accountability purposes. Check Procedures: Work with the site POC to verify: 1. Request copies of site’s wireless equipment list. -Security Readiness Review (SRR) worksheets in Appendix B of the Wireless Security Checklist may be used. -Detailed SSAA/SSP or database may be used. 2. Verify that all minimum data elements listed in the STIG policy are included in the equipment list. 3. Verify that all WLAN devices used, including infrared mice/keyboards, are included. 4. Verify procedures are in place for ensuring that the list is kept updated. 5. Note the date of last update and if the list has many inaccuracies. Mark as a finding if the equipment list does not exist, all data elements are not tracked, or the list is outdated. This check applies to: - Wireless networking devices such as access points, bridges, and switches. - WLAN client devices such as laptop computers and PDAs if used with WLAN NICs. - Wireless peripherals such as Bluetooth, and Infrared mice and keyboards, communications devices such as VoIP, cellular/satellite telephones, and Broadband NICs non-wireless PEDs that store, process, or transmit DoD information. |
Fix Text (F-3728r3_fix) |
---|
Maintain a list of all DAA-approved WLAN devices. The list must be kept updated periodically and will contain the data elements required by the STIG policy. |