Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35936 | SRG-MPOL-018 | SV-47252r1_rule | Low |
Description |
---|
If the policy does not include information on Wi-Fi security controls, it is more likely that the security controls will not be implemented properly. Without appropriate controls, Wi-Fi is vulnerable to a number of security breaches. These breaches could involve the interception of sensitive DoD information and the use of the device to connect to DoD networks. |
STIG | Date |
---|---|
Mobile Policy Security Requirements Guide | 2013-01-24 |
Check Text ( C-44173r1_chk ) |
---|
Review the site wireless security policy or wireless remote access policy. Verify it contains information on locations where CMD Wi-Fi access is approved or disapproved. The following locations will be specifically listed in the policy: - DoD/Government site-managed Wi-Fi access point connected to the NIPRNet (Enclave-NIPRNet Connected). - DoD/Government site-managed Wi-Fi access point connected to the Internet only (Internet Gateway Only Connection). - Public Wi-Fi Hotspot. - Hotel Wi-Fi Hotspot. - Home Wi-Fi network (user-managed). DoD CMD will not be used to connect to Public or Hotel Hotspots. If the site policy does not contain the required information on required CMD Wi-Fi security controls, this is a finding. |
Fix Text (F-40460r1_fix) |
---|
Update the CMD Wi-Fi security policy to include information on locations CMD Wi-Fi access is approved or disapproved. |