The organizations wireless metropolitan area network (WMAN) system accreditation must include a Transmission Security (TRANSEC) vulnerability analysis, if the WMAN system operates in a tactical environment.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35913	SRG-MPOL-004	SV-47229r1_rule		Low

Description
If a TRANSEC vulnerability analysis has not been completed, the system may not be designed or configured correctly to mitigate exposure of DoD data, or may be vulnerable to a wireless attack. The purpose of the analysis is to determine the jamming and exploitation risk of a WMAN system based on the design of the system If the WMAN system is a tactical system or a commercial system operated in a tactical environment, the site WMAN system accreditation documentation must include a Transmission Security (TRANSEC) vulnerability analysis. The analysis must include a determination on whether the system has a low probability of exploitation (LPE) for the WMAN signal in space, and list recommended risk mitigation actions. NOTE: This check should only be reviewed during the initial system Certification and Accreditation (C&A). This requirement originated in DTM 08-039, "Commercial Wireless Metropolitan Area Network (WMAN) Systems and Technology."

Description

If a TRANSEC vulnerability analysis has not been completed, the system may not be designed or configured correctly to mitigate exposure of DoD data, or may be vulnerable to a wireless attack. The purpose of the analysis is to determine the jamming and exploitation risk of a WMAN system based on the design of the system If the WMAN system is a tactical system or a commercial system operated in a tactical environment, the site WMAN system accreditation documentation must include a Transmission Security (TRANSEC) vulnerability analysis. The analysis must include a determination on whether the system has a low probability of exploitation (LPE) for the WMAN signal in space, and list recommended risk mitigation actions. NOTE: This check should only be reviewed during the initial system Certification and Accreditation (C&A). This requirement originated in DTM 08-039, "Commercial Wireless Metropolitan Area Network (WMAN) Systems and Technology."

STIG	Date
Mobile Policy Security Requirements Guide	2013-07-03

Details

Check Text ( C-44157r2_chk )
Review the accreditation documentation to determine if the WMAN system is a tactical system or a commercial system used in a tactical environment. If the WMAN system is not a tactical system or a commercial system operated in a tactical environment, this requirement is NA. Verify a TRANSEC vulnerability analysis was performed on the WMAN system during the system C&A review. The documentation must include the required components. Verification that radio communications are encrypted, including the management, control and data frames, determination of denial of service risks to the network, and probability of LPE for the WMAN signal. If documentation is missing the required analysis and components, this is a finding. Note: Check with NSA to determine if additional mitigation actions are available.

Check Text ( C-44157r2_chk )

Review the accreditation documentation to determine if the WMAN system is a tactical system or a commercial system used in a tactical environment.

If the WMAN system is not a tactical system or a commercial system operated in a tactical environment, this requirement is NA.

Verify a TRANSEC vulnerability analysis was performed on the WMAN system during the system C&A review. The documentation must include the required components. Verification that radio communications are encrypted, including the management, control and data frames, determination of denial of service risks to the network, and probability of LPE for the WMAN signal. If documentation is missing the required analysis and components, this is a finding.

Note: Check with NSA to determine if additional mitigation actions are available.

Fix Text (F-40444r1_fix)
Include a TRANSEC vulnerability analysis in the WMAN system accreditation if the WMAN system operates in a tactical environment.