If the organization has approved wireless remote access, the organization's System Security Profile (SSP) must include the types of wireless remote access equipment and locations (site network Wi-Fi, home, hotel, public hotspots, etc.) approved for site personnel.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-MPOL-002	SRG-MPOL-002	SRG-MPOL-002_rule		Low

Description
Wireless clients, networks, and data may be compromised if unapproved wireless remote access is utilized. In most cases, unapproved devices are not managed and configured as required by the appropriate security controls. The site's overall network security controls cannot be appropriately configured to provide adequate security for unapproved devices if they are not known. When listed in the accreditation documentation, the site has shown that security controls have been designed to account for the wireless devices.

Description

Wireless clients, networks, and data may be compromised if unapproved wireless remote access is utilized. In most cases, unapproved devices are not managed and configured as required by the appropriate security controls. The site's overall network security controls cannot be appropriately configured to provide adequate security for unapproved devices if they are not known. When listed in the accreditation documentation, the site has shown that security controls have been designed to account for the wireless devices.

STIG	Date
Mobile Policy Security Requirements Guide	2012-10-10

Details

Check Text ( C-SRG-MPOL-002_chk )
Review the site's accreditation documentation and verify it includes a listing of approved types of wireless remote access equipment and locations (home, hotel, etc.). If the site accreditation documentation does not reference approved wireless remote access equipment and locations, this is a finding.

Fix Text (F-SRG-MPOL-002_fix)
Ensure the site's accreditation documentation includes approved types of wireless remote access equipment and location information.