The organization must provide the DAA the results of a CTTA TEMPEST evaluation of each WMAN system it operates.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-MPOL-031 | SRG-MPOL-031 | SRG-MPOL-031_rule | Low |
| Description |
|---|
| Sensitive and/or classified information could be compromised via a TEMPEST vulnerability. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2012-10-10 |
Details
| Check Text ( C-SRG-MPOL-031_chk ) |
|---|
| Interview the appropriate personnel and review the site's accreditation documentation to verify the department or agency CTTA has completed the required evaluation. If the required evaluation has not been completed, this is a finding. |
| Fix Text (F-SRG-MPOL-031_fix) |
|---|
| Ensure the department or agency Certified TEMPEST Technical Authority (CTTA) has evaluated the system to determine its TEMPEST vulnerability and provided this information to the DAA. |