The organization must remove the radio on computers with an embedded wireless system before the computer is used to transfer, receive, store, or process classified information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-MPOL-010	SRG-MPOL-010	SRG-MPOL-010_rule		High

Description
The majority of consumer based laptops have wireless network interface cards (NICs) integrated with the computer's motherboard. Although the system administrator may disable these embedded NICs, the user may purposely or accidentally enable the device. These devices may also inadvertently transmit ambient sound or electronic signals. Therefore, simply disabling the transmit capability is not an adequate solution for computers processing classified information. In addition, embedded wireless cards do not meet DoD security requirements for classified wireless usage.

Description

The majority of consumer based laptops have wireless network interface cards (NICs) integrated with the computer's motherboard. Although the system administrator may disable these embedded NICs, the user may purposely or accidentally enable the device. These devices may also inadvertently transmit ambient sound or electronic signals. Therefore, simply disabling the transmit capability is not an adequate solution for computers processing classified information. In addition, embedded wireless cards do not meet DoD security requirements for classified wireless usage.

STIG	Date
Mobile Policy Security Requirements Guide	2012-10-10

Details

Check Text ( C-SRG-MPOL-010_chk )
Review the organization's policy to ensure wireless NICs are required to be removed prior to use in a classified environment. Verify the site has procedures in place to ensure laptops with wireless NICs are not used for classified data processing. Inquire about laptops/PCs used to process classified information that have embedded wireless NICs. No embedded wireless NICs are allowed, including WLAN, Bluetooth, WMAN, cellular, etc. Ensure the NIC is physically removed. Using methods such as tape or software disabling are not acceptable. Determine if the site either purchased laptops without wireless NICs (Wi-Fi, Bluetooth, WiMax, etc.) or physically removed the NICs from laptops. If the site is using embedded wireless NICs in a classified environment, this is a finding. Recommend to the DAA this is a critical finding requiring immediate action.

Check Text ( C-SRG-MPOL-010_chk )

Review the organization's policy to ensure wireless NICs are required to be removed prior to use in a classified environment. Verify the site has procedures in place to ensure laptops with wireless NICs are not used for classified data processing.

Inquire about laptops/PCs used to process classified information that have embedded wireless NICs. No embedded wireless NICs are allowed, including WLAN, Bluetooth, WMAN, cellular, etc.

Ensure the NIC is physically removed. Using methods such as tape or software disabling are not acceptable.

Determine if the site either purchased laptops without wireless NICs (Wi-Fi, Bluetooth, WiMax, etc.) or physically removed the NICs from laptops.

If the site is using embedded wireless NICs in a classified environment, this is a finding. Recommend to the DAA this is a critical finding requiring immediate action.

Fix Text (F-SRG-MPOL-010_fix)
Ensure computers with embedded wireless NICs, that cannot be removed, are not used to transfer, receive, store, or process classified information.