The organization must include each wireless device connecting to a DoD network in the applicable site's System Security Plan (SSP).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-MPOL-028	SRG-MPOL-028	SRG-MPOL-028_rule		Low

Description
The DAA and site commander must be aware of all approved wireless devices used at the site or DoD data may be exposed to unauthorized individuals. Documentation of the enclave configuration must include all attached systems. If the current configuration cannot be determined, then it is difficult to apply security policies effectively. Security is particularly important for wireless technologies attached to the enclave network because these systems increase the potential for eavesdropping and other unauthorized access to network resources.

Description

The DAA and site commander must be aware of all approved wireless devices used at the site or DoD data may be exposed to unauthorized individuals. Documentation of the enclave configuration must include all attached systems. If the current configuration cannot be determined, then it is difficult to apply security policies effectively. Security is particularly important for wireless technologies attached to the enclave network because these systems increase the potential for eavesdropping and other unauthorized access to network resources.

STIG	Date
Mobile Policy Security Requirements Guide	2012-10-10

Details

Check Text ( C-SRG-MPOL-028_chk )
Review the SSP. Wireless network devices, such as access points, laptops, CMDs and wireless peripherals (keyboards, pointers, etc.) using a wireless network protocol, such as Bluetooth, 802.11, or proprietary protocols must be documented in the SSP. A general statement in the SSP permitting the various types of wireless network devices used by the site is acceptable rather than a by-model listing, for example, "wireless devices of various models are permitted as long as they are configured in accordance with the Wireless STIG". If a DAA-approved SSP does not exist or if it has not been updated, this is a finding.

Check Text ( C-SRG-MPOL-028_chk )

Review the SSP. Wireless network devices, such as access points, laptops, CMDs and wireless peripherals (keyboards, pointers, etc.) using a wireless network protocol, such as Bluetooth, 802.11, or proprietary protocols must be documented in the SSP. A general statement in the SSP permitting the various types of wireless network devices used by the site is acceptable rather than a by-model listing, for example, "wireless devices of various models are permitted as long as they are configured in accordance with the Wireless STIG". If a DAA-approved SSP does not exist or if it has not been updated, this is a finding.

Fix Text (F-SRG-MPOL-028_fix)
Ensure devices connecting directly or indirectly (data synchronization) to the network are added to the site's SSP.