UCF STIG Viewer Logo

All wireless/mobile systems (including associated peripheral devices, operating system, applications, network/PC connection methods, and services) must be approved by the approval authority prior to installation and use for processing DoD information.


Overview

Finding ID Version Rule ID IA Controls Severity
V-8283 WIR0005 SV-8778r7_rule High
Description
Unauthorized wireless systems expose DoD networks to attack. The Authorizing Official (AO) and appropriate commanders must be aware of all wireless systems used at the site. AOs should ensure a risk assessment for each system, including associated services and peripherals, is conducted before approving. Accept risks only when needed to meet mission requirements.
STIG Date
Mobile Device Policy Security Technical Implementation Guide (STIG) 2019-05-21

Details

Check Text ( C-3890r8_chk )
1. Request copies of written AO approval documentation for wireless/mobile devices used by the site.

2. Verify AO approval for wireless/mobile devices in use at the site.

Note: The AO approval for wireless/mobile systems does not need to be documented separately from other AO approval documents for the site network, as long as the approval documents list the wireless/mobile systems in use at the site. For example, if a site network ATO lists the wireless system, the ATO meets the requirements of this check.

If the AO has not approved all wireless/mobile devices used at the site, this is a finding.
Fix Text (F-19194r4_fix)
Obtain AO approval prior to wireless systems being installed and used.