UCF STIG Viewer Logo

Mobility Policy Security Technical Implementation Guide (STIG)


Date Finding Count (9)
2013-03-12 CAT I (High): 3 CAT II (Med): 3 CAT III (Low): 3
STIG Description
This STIG provides policy, training, and operating procedure security controls for the use of mobile/wireless devices and systems in the DoD environment. This STIG applies to any mobile/wireless device (such as WLAN Access Points and clients, Bluetooth devices, smartphones and cell phones, tablets, wireless keyboards and mice, and wireless remote access devices) used to store, process, transmit or receive DoD information. The previous version of this STIG was called the General Wireless Policy STIG (V1R9). Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

Available Profiles

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-12072 High Wireless devices must not be allowed in a permanent, temporary, or mobile Sensitive Compartmented Information Facilities (SCIFs), unless approved by the SCIF Cognizant Security Authority (CSA) in accordance with Intelligence Community Directive 503 and Director Central Intelligence Directive (DCID) 6/9, the DAA, and the site Special Security Officer (SSO).
V-8283 High All wireless/mobile systems (including associated peripheral devices, operating system, applications, network/PC connection methods, and services) must be approved by the approval authority prior to installation and use for processing DoD information.
V-19813 High Computers with an embedded wireless system must have the radio removed before the computer is used to transfer, receive, store, or process classified information.
V-14894 Medium All wireless network devices, such as wireless Intrusion Detection System (IDS) and wireless routers, access points, gateways, and controllers must be located in a secure room with limited access or otherwise secured to prevent tampering or theft.
V-15782 Medium Personnally owned or contractor owned CMDs must not be used to transmit, receive, store, or process DoD information or connect to DoD networks.
V-12106 Medium Wireless devices must not be operated in areas where classified information is electronically stored, processed, or transmitted unless required conditions are followed.
V-13982 Low All users of mobile devices or wireless devices must sign a user agreement before the mobile or wireless device is issued to the user and the user agreement used at the site must include required content.
V-8297 Low Wireless devices connecting directly or indirectly to the network must be included in the site security plan.
V-8284 Low The site IAO must maintain a list of all DAA-approved wireless and non-wireless PED devices that store, process, or transmit DoD information.