Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-MPOL-027 | SRG-MPOL-027 | SRG-MPOL-027_rule | Low |
Description |
---|
Close tracking of authorized wireless devices will facilitate the search for rogue devices. Sites must maintain precise inventory control over wireless and handheld devices used to store, process, and transmit DoD data as these devices can be easily lost or stolen, leading to possible exposure of DoD data. |
STIG | Date |
---|---|
Mobile Policy Security Requirements Guide | 2012-10-10 |
Check Text ( C-SRG-MPOL-027_chk ) |
---|
Review the site's wireless equipment list and verify all minimum data elements listed below are included in the equipment list. Verify all wireless devices used at the site, including infrared mice/keyboards, are included. - Access point Media Access Control (MAC) address (WLAN only), - Access point IP address (WLAN only), - Wireless client MAC address, - Network DHCP range (WLAN & WWAN only), - Type of encryption enabled, - Access point SSID (WLAN only), - Manufacturer, model number, and serial number of wireless equipment, - Equipment location, and - Assigned users with telephone numbers. Verify procedures are in place for ensuring the list is kept up to date. If the equipment list does not exist, all data elements are not tracked, or the list is outdated, this is a finding. This check applies to any wireless end user device (smartphone, tablet, Wi-Fi network interface card, etc.) and wireless network devices (access point, authentication server, etc.). The list of approved wireless devices will be stored in a secure location and will include the following at a minimum: For CMDs: - Manufacturer, model number, and serial number of wireless equipment; - Equipment location or who the device was issued to; - Assigned users with telephone numbers and email addresses. |
Fix Text (F-SRG-MPOL-027_fix) |
---|
Maintain a list of all DAA-approved WLAN devices. The list must be updated as devices are commissioned, and contain the data elements required. |