The organization must confine wireless communications to organization-controlled boundaries.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-MPOL-039	SRG-MPOL-039	SRG-MPOL-039_rule		Medium

Description
Wireless technologies include, but are not limited to, microwave, satellite, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks present similar security risks to those of a wired network, and since the open airwaves are the communications medium for wireless technology, an entirely new set of risks are introduced. Implementing wireless computing and networking capabilities in accordance with the organization-defined wireless policy, within organization controlled boundaries, greatly reduces vulnerabilities.

Description

Wireless technologies include, but are not limited to, microwave, satellite, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks present similar security risks to those of a wired network, and since the open airwaves are the communications medium for wireless technology, an entirely new set of risks are introduced. Implementing wireless computing and networking capabilities in accordance with the organization-defined wireless policy, within organization controlled boundaries, greatly reduces vulnerabilities.

STIG	Date
Mobile Policy Security Requirements Guide	2012-10-10

Details

Check Text ( C-SRG-MPOL-039_chk )
Review the organization's access control and procedures addressing wireless implementation and usage (including restrictions), security policy, information system configuration settings, restrictions and any other associated documentation, and other relevant documents or records. Ensure the organization has defined and established organization-controlled boundaries for the implementation of their wireless communications environment. The organization should take steps, including placement of Wi-Fi access points, and adjusting the transmit power of Wi-Fi access points, to limit the access point from transmitting outside the boundary area of the facility or base under control of the DoD organization. If wireless boundaries are not defined and controlled, this is a finding.

Check Text ( C-SRG-MPOL-039_chk )

Review the organization's access control and procedures addressing wireless implementation and usage (including restrictions), security policy, information system configuration settings, restrictions and any other associated documentation, and other relevant documents or records. Ensure the organization has defined and established organization-controlled boundaries for the implementation of their wireless communications environment. The organization should take steps, including placement of Wi-Fi access points, and adjusting the transmit power of Wi-Fi access points, to limit the access point from transmitting outside the boundary area of the facility or base under control of the DoD organization. If wireless boundaries are not defined and controlled, this is a finding.

Fix Text (F-SRG-MPOL-039_fix)
Define and establish organization controlled boundaries for the implementation of the wireless communications environment.