The organization's wireless mobile area network (WMAN) system accreditation must include a Transmission Security (TRANSEC) vulnerability analysis, if the WMAN system operates in a tactical environment.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-MPOL-004	SRG-MPOL-004	SRG-MPOL-004_rule		Low

Description
If a TRANSEC vulnerability analysis has not been completed, the system may not be designed or configured correctly to mitigate exposure of DoD data, or may be vulnerable to a wireless attack. The purpose of the analysis is to determine the jamming and exploitation risk of a WMAN system based on the design of the system If the WMAN system is a tactical system or a commercial system operated in a tactical environment, the site WMAN system accreditation documentation must include a Transmission Security (TRANSEC) vulnerability analysis. The analysis must include a determination on whether the system has a low probability of exploitation (LPE) for the WMAN signal in space, and list recommended risk mitigation actions. NOTE: This check should only be reviewed during the initial system Certification and Accreditation (C&A).

Description

If a TRANSEC vulnerability analysis has not been completed, the system may not be designed or configured correctly to mitigate exposure of DoD data, or may be vulnerable to a wireless attack. The purpose of the analysis is to determine the jamming and exploitation risk of a WMAN system based on the design of the system If the WMAN system is a tactical system or a commercial system operated in a tactical environment, the site WMAN system accreditation documentation must include a Transmission Security (TRANSEC) vulnerability analysis. The analysis must include a determination on whether the system has a low probability of exploitation (LPE) for the WMAN signal in space, and list recommended risk mitigation actions. NOTE: This check should only be reviewed during the initial system Certification and Accreditation (C&A).

STIG	Date
Mobile Policy Security Requirements Guide	2012-10-10

Details

Check Text ( C-SRG-MPOL-004_chk )
Review the accreditation documentation to determine if the WMAN system is a tactical system or a commercial system used in a tactical environment. Verify a TRANSEC vulnerability analysis was performed on the WMAN system during the system C&A review. The documentation must include the required components: Verification that radio communications are encrypted, including the management, control and data frames, determination of denial of service risks to the network, and probability of LPE for the WMAN signal. If documentation is missing the required analysis and components, this is a finding. Note: Check with NSA to determine if additional mitigation actions are available. This requirement is not applicable if the WMAN system is not a tactical system or a commercial system operated in a tactical environment.

Check Text ( C-SRG-MPOL-004_chk )

Review the accreditation documentation to determine if the WMAN system is a tactical system or a commercial system used in a tactical environment. Verify a TRANSEC vulnerability analysis was performed on the WMAN system during the system C&A review. The documentation must include the required components: Verification that radio communications are encrypted, including the management, control and data frames, determination of denial of service risks to the network, and probability of LPE for the WMAN signal. If documentation is missing the required analysis and components, this is a finding.

Note: Check with NSA to determine if additional mitigation actions are available.

This requirement is not applicable if the WMAN system is not a tactical system or a commercial system operated in a tactical environment.

Fix Text (F-SRG-MPOL-004_fix)
Commission a TRANSEC analysis for the WMAN system.