The organizations wireless policy or wireless remote access policy must include information on locations CMD Wi-Fi access is approved or disapproved.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35936 | SRG-MPOL-018 | SV-47252r2_rule | Low |
| Description |
|---|
| If the policy does not include information on Wi-Fi security controls, it is more likely that the security controls will not be implemented properly. Without appropriate controls, Wi-Fi is vulnerable to a number of security breaches. These breaches could involve the interception of sensitive DoD information and the use of the device to connect to DoD networks. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-44173r3_chk ) |
|---|
| Review the site wireless security policy or wireless remote access policy. Verify it contains information on locations where CMD Wi-Fi access is approved or disapproved. The following locations will be specifically listed in the policy: - DoD/Government site-managed Wi-Fi access point connected to the NIPRNet (Enclave-NIPRNet Connected). - DoD/Government site-managed Wi-Fi access point connected to the Internet only (Internet Gateway Only Connection). - Public Wi-Fi Hotspot. - Hotel Wi-Fi Hotspot. - Home Wi-Fi network (user-managed). DoD CMD will not be used to connect to Public or Hotel Hotspots. If the site policy does not contain the required information on required CMD Wi-Fi security controls, this is a finding. Note: Applies to any Wi-Fi System. |
| Fix Text (F-40460r1_fix) |
|---|
| Update the CMD Wi-Fi security policy to include information on locations CMD Wi-Fi access is approved or disapproved. |