UCF STIG Viewer Logo

The organization must maintain a list of all DAA-approved wireless and non-wireless devices under their control that store, process, or transmit DoD information.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35947 SRG-MPOL-029 SV-47263r1_rule Low
Description
Close tracking of authorized wireless devices will facilitate the search for rogue devices. Sites must maintain precise inventory control over wireless and handheld devices used to store, process, and transmit DoD data as these devices can be easily lost or stolen, leading to possible exposure of DoD data.
STIG Date
Mobile Policy Security Requirements Guide 2013-07-03

Details

Check Text ( C-44184r2_chk )
Review the site's wireless equipment list and verify all minimum data elements listed below are included in the equipment list. This check applies to any wireless end user device (e.g., CMD, Wi-Fi network interface card) and wireless network devices (e.g., access point, authentication server). The list of approved wireless devices will be stored in a secure location and will include the following at a minimum:

For CMDs:
- Manufacturer, model number, and serial number of wireless equipment.
- Equipment location or who the device was issued to.
- Assigned users with telephone numbers and email addresses.

Verify all wireless devices used at the site, including infrared mice/keyboards, are included:
- Access point Media Access Control (MAC) address (WLAN only).
- Access point IP address (WLAN only).
- Wireless client MAC address.
- Network DHCP range (WLAN & WWAN only).
- Type of encryption enabled.
- Access point SSID (WLAN only).
- Manufacturer, model number, and serial number of wireless equipment.
- Equipment location
- Assigned users with telephone numbers.

Verify procedures are in place for ensuring the list is kept up to date. If the equipment list does not exist, all data elements are not tracked, or the list is outdated, this is a finding.
Fix Text (F-40472r1_fix)
Maintain a list of all DAA-approved WLAN devices under the organization's control. The list must be updated as devices are commissioned, and contain the data elements required.