UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

If the site uses a continuous WIDS scanning, then the system must be configured to meet requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000071-IDPS-000018 SRG-NET-000071-IDPS-000018 SRG-NET-000071-IDPS-000018_rule Medium
Description
Unauthorized WLAN devices threaten DoD networks in a variety of ways. If someone installs an access point on a DoD network, then people may use that access point to access network resources without any perimeter security controls, which significantly degrades the IA posture of that network. If someone installs an unauthorized access point in the site's vicinity, even if not connected to a DoD network, then site users may unknowingly or inadvertently connect to it. Once this connection occurs, the user's traffic may be diverted to spoofed web sites and other servers to capture the user's authentication credentials and sensitive DoD data. Finally, if an unauthorized WLAN client is operating inside or near the site, it may improperly connect to the site's WLAN infrastructure or other network devices that improperly have left open active Wi-Fi interfaces. WIDS can help counter all of these threats. DoDD 8100.2 requires ALL DoD networks use a wireless IDS to scan for unauthorized wireless devices. The continuous WIDS sensor and server must meet the following requirements: (I) System is server-based, whereby sensor scanning results are consolidated and evaluated by a WIDS server. (ii) The WIDS will scan continuously 24 hours/day, 7 days/week to detect authorized and unauthorized activity. (iii) The WIDS will include a location sensing protection scheme for authorized and unauthorized wireless devices that will provide information enabling designated site personnel to take appropriate actions. While not recommended, WLAN access points that also provide WIDS scanning capability are acceptable as "continuous scanning" WIDS sensors. The WIDS must cover all WLAN frequencies transmitted by the WLAN equipment. The WLAN frequency band can vary by country and the WIDS must cover all channels being used in a country the equipment is being used in. For example, the allowed WLAN channels are different in the U.S., Japan, and many European countries.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text ( C-43134_chk )
Verify the site has installed a continuous scanning WIDS (e.g., Air Defense or Air magnet)
Verify the continuous scanning WIDS is set up to scan continuously 24 hours/day, 7 days/week to detect authorized and unauthorized activity.
Verify the WIDS includes a location sensing protection scheme for authorized and unauthorized wireless devices.

If any of these requirements have not been met, this is a finding. This is not a finding if the periodic scanning method is used
Fix Text (F-43134_fix)
Configure the continuous WIDS to comply with the requirements.