UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization must define a frequency of monitoring for unauthorized wireless connections to information systems, including scans for unauthorized wireless access points.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-MPOL-035 SRG-MPOL-035 SRG-MPOL-035_rule Medium
Description
Wireless technologies include, but are not limited to, microwave, satellite, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks present similar security risks to those of a wired network, and since the open airwaves are the communications medium for wireless technology, an entirely new set of risks are introduced. Implementing wireless computing and networking capabilities in accordance with the organization-defined wireless policy, within organization-controlled boundaries, allowing only authorized and qualified personnel to configure wireless services, and conducting periodic scans for unauthorized wireless access points greatly reduces vulnerabilities.
STIG Date
Mobile Policy Security Requirements Guide 2012-10-10

Details

Check Text ( C-SRG-MPOL-035_chk )
Review the organization's access control and security policy, procedures addressing wireless implementation and usage (including restrictions), wireless scanning reports, and any other relevant documentation. The objective is to verify the organization has: (i) established a requirement for monitoring the wireless connection environment for unauthorized access, (ii) established a requirement of periodic scans to be conducted for unauthorized wireless access points, and (iii) established a frequency at which these activities are to be conducted. If the organization has not defined the frequency of monitoring or scanning, this is a finding.
Fix Text (F-SRG-MPOL-035_fix)
Define the frequency of monitoring for unauthorized wireless connections to information systems to include the frequency for performing scans to identify unauthorized wireless access points.