The organization's wireless policy or wireless remote access policy must include information on required smartphone Wi-Fi security controls.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-MPOL-013 | SRG-MPOL-013 | SRG-MPOL-013_rule | Low |
| Description |
|---|
| If the policy does not include information on Wi-Fi security controls, it is more likely that the security controls will not be implemented properly. Without appropriate controls, Wi-Fi is vulnerable to a number of security breaches. These breaches could involve the interception of sensitive DoD information and the use of the device to connect to DoD networks. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2012-10-10 |
Details
| Check Text ( C-SRG-MPOL-013_chk ) |
|---|
| Review the site wireless security policy or wireless remote access policy. Verify it contains information on locations where smartphone Wi-Fi access is approved or disapproved. The following locations will be specifically listed in the policy: - Site-managed Wi-Fi access point connected to the NIPRNet (Enclave-NIPRNet Connected); - Site-managed Wi-Fi access point connected to the Internet only (Internet Gateway Only Connection); - Public Wi-Fi; Hotspot; - Hotel Wi-Fi Hotspot; - Home Wi-Fi network (user-managed). DoD smartphones will not be used to connect to Public or Hotel Hotspots. If the site policy does not contain the required information on required smartphone Wi-Fi security controls, this is a finding. |
| Fix Text (F-SRG-MPOL-013_fix) |
|---|
| Ensure the smartphone Wi-Fi security policy includes information regarding locations of smartphone Wi-Fi access. |