Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35920 | SRG-MPOL-006 | SV-47236r1_rule | Medium |
Description |
---|
Wireless technologies include, but are not limited to, microwave, satellite, packet radio (UHF/VHF), Wi-Fi, and Bluetooth. Wireless networks present similar security risks to those of a wired network, and since the open airwaves are the communications medium for wireless technology, an entirely new set of risks are introduced. Implementing wireless computing and networking capabilities in accordance with the organization defined wireless policy, within organization-controlled boundaries, allowing only authorized and qualified personnel to configure wireless services, and conducting periodic scans for unauthorized wireless access points greatly reduces vulnerabilities. |
STIG | Date |
---|---|
Mobile Policy Security Requirements Guide | 2013-01-24 |
Check Text ( C-44159r1_chk ) |
---|
Review the organization's access control and security policy, procedures addressing wireless implementation and usage (including restrictions), wireless scanning reports, and any other relevant documentation. The objective is to verify the organization has: (i) established a requirement for monitoring the wireless connection environment for unauthorized access, (ii) established a requirement of periodic scans to be conducted for unauthorized wireless access points, and (iii) established a time period at which these activities are to be conducted. If the organization has not defined the time period for monitoring or scanning, this is a finding. |
Fix Text (F-40446r1_fix) |
---|
Define the time period for monitoring of unauthorized wireless connections to information systems to include the time period for performing scans to identify unauthorized wireless access points. |