The organization must confine Wi-Fi and Bluetooth communications to organization-controlled boundaries.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35928 | SRG-MPOL-009 | SV-47244r2_rule | Medium |
| Description |
|---|
| Wireless technologies controlled by this requirement are only Wi-Fi, and Bluetooth. Wireless networks present similar security risks to those of a wired network, and since the open airwaves are the communications medium for wireless technology, an entirely new set of risks are introduced. Implementing wireless computing and networking capabilities in accordance with the organization defined wireless policy, within organization controlled boundaries, greatly reduces vulnerabilities. Note: Not to be used with Class 1 Bluetooth radios. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-44164r1_chk ) |
|---|
| Review the organization's access control and procedures addressing wireless implementation and usage (including restrictions), security policy, information system configuration settings, restrictions and any other associated documentation, and other relevant documents or records. Ensure the organization has defined and established organization-controlled boundaries for the implementation of Wi-Fi and Bluetooth communications. If wireless boundaries are not defined and controlled, this is a finding. |
| Fix Text (F-40451r1_fix) |
|---|
| Define and establish organization controlled boundaries for the implementation of the Wi-Fi and Bluetooth communications. |