The organization must maintain a SIPRNet connection approval package with the Classified Connection Approval Office (CCAO) when connecting a Secure WLAN (SWLAN) to SIPRNet.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35938 | SRG-MPOL-020 | SV-47254r1_rule | High |
| Description |
|---|
| The CCAO approval process provides assurance that the SWLAN use is appropriate and does not introduce unmitigated risks into the SIPRNet. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-44175r1_chk ) |
|---|
| Verify the SWLAN system CCAO approval documentation exists, has been approved, and has a SIPRNet Interim Approval to Operate (IATO) or Approval to Operate (ATO) in the GIAP database. Verify the SWLAN system is included in the accreditation documentation and is signed by the DAA. If the SIPRNet connection approval package is not on file with the CCAO, this is a finding. |
| Fix Text (F-40463r1_fix) |
|---|
| Disable or remove the non-compliant SWLAN until the site has all required approvals for operation. |