The organization must secure all wireless network devices, such as wireless Intrusion Detection System (IDS) and wireless routers, access points, gateways, and controllers to prevent tampering or theft, or must be located in a secure room with limited access.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36002	SRG-MPOL-084	SV-47318r1_rule		Medium

Description
DoD data and the network could be exposed to attack if wireless network devices are not physically protected. The Network Security Officer (NSO) will ensure all wireless network devices (e.g., IDS, routers, servers, Remote Access System (RAS), firewalls, WLAN access points, etc.), wireless management, and email servers are located in a secure room with limited access or otherwise secured to prevent tampering or theft.

Description

DoD data and the network could be exposed to attack if wireless network devices are not physically protected. The Network Security Officer (NSO) will ensure all wireless network devices (e.g., IDS, routers, servers, Remote Access System (RAS), firewalls, WLAN access points, etc.), wireless management, and email servers are located in a secure room with limited access or otherwise secured to prevent tampering or theft.

STIG	Date
Mobile Policy Security Requirements Guide	2013-07-03

Details

Check Text ( C-44239r1_chk )
Ensure all network devices (e.g., IDS, routers, servers, Remote Access System (RAS), firewalls, WLAN access points, etc.) are located in a secure room with limited access or otherwise secured to prevent tampering or theft. For WLAN Access Points: Determine if the WLAN network component of the WLAN system (e.g., access point or bridge) is installed in an unprotected public area where unauthorized personnel can get access to the device. The physical Security Officer may be able to assist in this determination. If yes, the following requirements apply: Note: Access points installed above ceiling tiles in a controlled access area or installed 30 feet above the ground in a controlled access hanger can be considered to be installed in a protected non-public area. The site physical Security Officer should make a determination if a WLAN device installation location should be considered to be an unprotected public area. Determine if the WLAN device has been validated as meeting FIPS 140-2 Level 2, at a minimum, or physically secured by placing it inside a securely mounted, pick-resistant, and lockable enclosure. If the requirements above are not met, this is a finding.

Check Text ( C-44239r1_chk )

Ensure all network devices (e.g., IDS, routers, servers, Remote Access System (RAS), firewalls, WLAN access points, etc.) are located in a secure room with limited access or otherwise secured to prevent tampering or theft.

For WLAN Access Points:
Determine if the WLAN network component of the WLAN system (e.g., access point or bridge) is installed in an unprotected public area where unauthorized personnel can get access to the device. The physical Security Officer may be able to assist in this determination. If yes, the following requirements apply:

Note: Access points installed above ceiling tiles in a controlled access area or installed 30 feet above the ground in a controlled access hanger can be considered to be installed in a protected non-public area. The site physical Security Officer should make a determination if a WLAN device installation location should be considered to be an unprotected public area.

Determine if the WLAN device has been validated as meeting FIPS 140-2 Level 2, at a minimum, or physically secured by placing it inside a securely mounted, pick-resistant, and lockable enclosure.

If the requirements above are not met, this is a finding.

Fix Text (F-40529r1_fix)
Place all network devices (i.e., Intrusion Detection System (IDS), routers, Remote Access System (RAS), firewalls, etc.) in a secure room with limited access or otherwise secure to prevent tampering or theft.