UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization's wireless mobile area network (WMAN) system accreditation must include a Transmission Security (TRANSEC) vulnerability analysis, if the WMAN system operates in a tactical environment.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-MPOL-004 SRG-MPOL-004 SRG-MPOL-004_rule Low
Description
If a TRANSEC vulnerability analysis has not been completed, the system may not be designed or configured correctly to mitigate exposure of DoD data, or may be vulnerable to a wireless attack. The purpose of the analysis is to determine the jamming and exploitation risk of a WMAN system based on the design of the system If the WMAN system is a tactical system or a commercial system operated in a tactical environment, the site WMAN system accreditation documentation must include a Transmission Security (TRANSEC) vulnerability analysis. The analysis must include a determination on whether the system has a low probability of exploitation (LPE) for the WMAN signal in space, and list recommended risk mitigation actions. NOTE: This check should only be reviewed during the initial system Certification and Accreditation (C&A).
STIG Date
Mobile Policy Security Requirements Guide 2012-10-10

Details

Check Text ( C-SRG-MPOL-004_chk )
Review the accreditation documentation to determine if the WMAN system is a tactical system or a commercial system used in a tactical environment. Verify a TRANSEC vulnerability analysis was performed on the WMAN system during the system C&A review. The documentation must include the required components: Verification that radio communications are encrypted, including the management, control and data frames, determination of denial of service risks to the network, and probability of LPE for the WMAN signal. If documentation is missing the required analysis and components, this is a finding.

Note: Check with NSA to determine if additional mitigation actions are available.

This requirement is not applicable if the WMAN system is not a tactical system or a commercial system operated in a tactical environment.
Fix Text (F-SRG-MPOL-004_fix)
Commission a TRANSEC analysis for the WMAN system.