UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Physical security controls must be implemented for SWLAN access points.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18584 WIR0225 SV-20128r4_rule ECTM-2 ECWN-1 Medium
Description
If an adversary is able to gain physical access to a SWLAN device, it may be able to compromise the device in a variety of ways, some of which could enable the adversary to obtain classified data. Physical security controls greatly mitigate this risk.
STIG Date
Harris SecNet 11 / 54 Security Technical Implementation Guide 2011-10-07

Details

Check Text ( C-22007r2_chk )
Detailed Policy Requirements:

The following physical security controls must be implemented for SWLAN access points:

- Secure WLAN access points shall be physically secured, and methods shall exist to facilitate the detection of tampering. WLAN APs are part of a communications system and shall have controlled physical security, in accordance with DoDD 5200.08-R. SWLAN access points not within a location that provides limited access shall have controlled physical security with either fencing or inspection.

- Either physical inventories or electronic inventories shall be conducted daily by viewing or polling the serial number or MAC address. Access points not stored in a COMSEC-approved security container shall be physically inventoried.
Check Procedures:

It is recommended the Traditional Reviewer assist with this check. Review the physical security controls of the SWLAN access points.

- Verify site SWLAN access points are physically secured - -- Verify there is some method for alerting site security if the access point has been tampered with.
- Determine if site SWLAN access points are in locations that provide limited access to only authorized personnel who are approved to access the access points.
- Determine how the site conducts a daily physical inventory of SWLAN access points. Verify that required inventory methods are used, depending on if the access points are stored in a COMSEC container.

- Mark as a finding if any requirement has not been met.
Fix Text (F-34120r1_fix)
Implement required physical security controls for the SWLAN.