Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-8283 | WIR0005 | SV-8778r6_rule | High |
Description |
---|
Unauthorized wireless systems expose DoD networks to attack. The Authorizing Official (AO) and appropriate commanders must be aware of all wireless systems used at the site. AOs should ensure a risk assessment for each system, including associated services and peripherals, is conducted before approving. Accept risks only when needed to meet mission requirements. |
STIG | Date |
---|---|
Mobile Policy Security Technical Implementation Guide (STIG) | 2018-09-07 |
Check Text ( C-3890r8_chk ) |
---|
1. Request copies of written AO approval documentation for wireless/mobile devices used by the site. 2. Verify AO approval for wireless/mobile devices in use at the site. Note: The AO approval for wireless/mobile systems does not need to be documented separately from other AO approval documents for the site network, as long as the approval documents list the wireless/mobile systems in use at the site. For example, if a site network ATO lists the wireless system, the ATO meets the requirements of this check. If the AO has not approved all wireless/mobile devices used at the site, this is a finding. |
Fix Text (F-19194r4_fix) |
---|
Obtain AO approval prior to wireless systems being installed and used. |