The organization must not permit operation of wireless devices in areas where classified information is electronically stored, processed, or transmitted unless operation is in accordance with DAA-approved CTTA restrictions at the site.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35956	SRG-MPOL-038	SV-47272r1_rule		Medium

Description
The operation of electronic equipment and emanations must be controlled in and around areas where sensitive information is kept or processed. Ensure wireless devices are not operated in areas where classified information is electronically stored, processed, or transmitted unless: - Approved by the DAA in consultation with the Certified TEMPEST Technical Authority (CTTA). - The wireless equipment is separated from the classified data equipment at the minimum distance determined by the CTTA, and appropriate countermeasures, as determined by the CTTA, are implemented.

Description

The operation of electronic equipment and emanations must be controlled in and around areas where sensitive information is kept or processed. Ensure wireless devices are not operated in areas where classified information is electronically stored, processed, or transmitted unless: - Approved by the DAA in consultation with the Certified TEMPEST Technical Authority (CTTA). - The wireless equipment is separated from the classified data equipment at the minimum distance determined by the CTTA, and appropriate countermeasures, as determined by the CTTA, are implemented.

STIG	Date
Mobile Policy Security Requirements Guide	2013-07-03

Details

Check Text ( C-44193r1_chk )
Review documentation and verify the following. Ask for documentation showing the CTTA was consulted about operation and placement of wireless devices. Acceptable proof would be the signature or initials of the CTTA on the architecture diagram or other evidence of coordination. In accordance with DoD policy, the CTTA must have a written separation policy for each classified area; review written policies, training material, or user agreements to see if wireless usage in these areas is addressed; and verify proper procedures for wireless device use in classified areas is addressed in training programs. If any of the following are identified, this is a finding: - CTTA has not designated a separation distance in writing. - DAA has not coordinated with the CTTA. - Users are not trained or made aware (using signage or user agreement) of procedures for wireless device usage in and around classified processing areas. - Site does not have a written procedure prohibiting the use of wireless devices in areas where classified data processing occurs.

Check Text ( C-44193r1_chk )

Review documentation and verify the following. Ask for documentation showing the CTTA was consulted about operation and placement of wireless devices. Acceptable proof would be the signature or initials of the CTTA on the architecture diagram or other evidence of coordination. In accordance with DoD policy, the CTTA must have a written separation policy for each classified area; review written policies, training material, or user agreements to see if wireless usage in these areas is addressed; and verify proper procedures for wireless device use in classified areas is addressed in training programs.

If any of the following are identified, this is a finding:
- CTTA has not designated a separation distance in writing.
- DAA has not coordinated with the CTTA.
- Users are not trained or made aware (using signage or user agreement) of procedures for wireless device usage in and around classified processing areas.
- Site does not have a written procedure prohibiting the use of wireless devices in areas where classified data processing occurs.

Fix Text (F-40483r1_fix)
Do not permit operation of wireless devices in areas where classified information is electronically stored, processed, or transmitted unless operation is in accordance with DAA-approved CTTA restrictions at the site.