Unclassified wireless devices must not be operated in Secure Spaces (as defined in DoDI 8420.01) unless required conditions are followed.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-12106	WIR0040	SV-12659r5_rule		Medium

Description
The operation of electronic equipment and emanations must be controlled in and around areas where sensitive information is kept or processed. Sites should post signs and train users to this requirement to mitigate this vulnerability.

STIG	Date
Network Infrastructure Policy Security Technical Implementation Guide	2016-07-11

Details

Check Text ( C-8122r5_chk )
Detailed Policy Requirements: DoD Components may operate unclassified WLAN systems and WLAN-enabled PEDs in secure spaces when classified systems are turned off and RF transmitter separation is implemented in accordance with CNSS Advisory Memorandum TEMPEST/1-13, the Mobile Policy SRG, and the Network Policy and Mobility Policy STIGs. The ISSO will ensure unclassified wireless devices are not operated in areas where classified information is electronically stored, processed, or transmitted unless: - Approved by the AO. - The unclassified wireless equipment is separated from the classified data equipment at the minimum distance described in CNSS Advisory Memorandum TEMPEST/1-13. - Classified processing equipment is turned off. Review written policies, training material, or user agreements to see if wireless usage in these areas is addressed. Verify proper procedures for wireless device use in classified areas is addressed in training program. Review documentation. Work with the traditional security reviewer to verify the following: If classified information is not processed at this site, this is not a finding. If any of the following are found, this is a finding: - Unclassified wireless equipment is being operated in a Secure Space while classified equipment is turned on. - AO has not approved the use of unclassified wireless equipment in the Secure Space. - Users are not trained or made aware (using signage or user agreement) of procedures for wireless device usage in and around classified processing areas.

Check Text ( C-8122r5_chk )

Detailed Policy Requirements:
DoD Components may operate unclassified WLAN systems and WLAN-enabled PEDs in secure spaces when classified systems are turned off and RF transmitter separation is implemented in accordance with CNSS Advisory Memorandum TEMPEST/1-13, the Mobile Policy SRG, and the Network Policy and Mobility Policy STIGs.

The ISSO will ensure unclassified wireless devices are not operated in areas where classified information is electronically stored, processed, or transmitted unless:
- Approved by the AO.
- The unclassified wireless equipment is separated from the classified data equipment at the minimum distance described in CNSS Advisory Memorandum TEMPEST/1-13.
- Classified processing equipment is turned off.

Review written policies, training material, or user agreements to see if wireless usage in these areas is addressed. Verify proper procedures for wireless device use in classified areas is addressed in training program.
Review documentation. Work with the traditional security reviewer to verify the following:

If classified information is not processed at this site, this is not a finding.

If any of the following are found, this is a finding:
- Unclassified wireless equipment is being operated in a Secure Space while classified equipment is turned on.
- AO has not approved the use of unclassified wireless equipment in the Secure Space.
- Users are not trained or made aware (using signage or user agreement) of procedures for wireless device usage in and around classified processing areas.

Fix Text (F-3423r3_fix)
Central Computer and Telecommunication Agency (CTTA) must designate a separation distance in writing. AO must coordinate with the CTTA. Train users or get a signed user agreement on procedures for wireless device usage in and around classified processing areas.