The IDPS must monitor for unauthorized wireless connections on an organizationally defined frequency.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34618	SRG-NET-999999-IDPS-00210	SV-45488r1_rule		Medium

Description
The IDPS must monitor for unauthorized connections to the network through use of wireless IDS sensors. Wireless technologies include, for example, microwave, satellite, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP). In certain situations, wireless signals may radiate beyond the confines of organizationally controlled facilities. Organizations must proactively search for unauthorized wireless connections, including monitoring for unauthorized wireless access points. Monitoring must not be limited to those areas within facilities containing information systems, but must also include areas outside of facilities as needed, to verify that unauthorized wireless access points are not connected to the systems. Organizational response actions may include disabling unauthorized wireless connections. Monitoring may be accomplished on an ongoing basis or by periodic monitoring.

Description

The IDPS must monitor for unauthorized connections to the network through use of wireless IDS sensors. Wireless technologies include, for example, microwave, satellite, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP). In certain situations, wireless signals may radiate beyond the confines of organizationally controlled facilities. Organizations must proactively search for unauthorized wireless connections, including monitoring for unauthorized wireless access points. Monitoring must not be limited to those areas within facilities containing information systems, but must also include areas outside of facilities as needed, to verify that unauthorized wireless access points are not connected to the systems. Organizational response actions may include disabling unauthorized wireless connections. Monitoring may be accomplished on an ongoing basis or by periodic monitoring.

STIG	Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide	2012-11-19

Details

Check Text ( C-42837r1_chk )
Verify that a WIDS is installed to monitor the network for unauthorized (rogue) wireless devices or networks. If the IDPS does not monitor for unauthorized wireless connections to the information system, this is a finding.

Fix Text (F-38885r1_fix)
Install and configure wireless IDPS sensors (or other automated detection method) to monitor for unauthorized wireless access to the network.