RFID Scanner Security Technical Implementation Guide

Version	Date	Finding Count (3)			Downloads
6	2011-10-07 2013-03-14 2013-03-14 2013-03-14 2013-03-14 2014-03-18 2014-03-18 2014-03-18 2014-03-18 2014-03-18 2014-03-18 2014-03-18 2014-03-18 2014-03-18	CAT I (High): 0	CAT II (Med): 2	CAT III (Low): 1	Excel	JSON	XML

STIG Description
This STIG contains the technical security controls for the operation of a RFID Scanner in the DoD environment.

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Finding ID	Severity	Title	Description
V-18856	Medium	Removable memory cards (e.g., MicroSD) must use a FIPS 140-2 validated encryption module to bind the card to a particular device such that the data on the card is not readable on any other device.	Memory card used to transfer files between PCs and PDAs is a migration path for the spread of malware on DoD computers and handheld devices. These risks are mitigated by the requirements listed...
V-18625	Medium	PDA and Smartphones that are connected to DoD Windows computers via a USB connection must be compliant with requirements.	PDAs with flash memory can introduce malware to a PC when they are connected for provisioning of the PDA or to transfer data between the PC and PDA, particularly if the PDA is seen by the PC as a...
V-18620	Low	Sensitive or Personally Identifiable Information (PII) must not be transferred between an RFID tag and RFID scanner unless the information is encrypted using a FIPS 140-2 validated encryption module.	Sensitive or PII info could be compromised if it is not encrypted because adversaries often can intercept wireless signals transmitted between an RFID interrogator and tag. Using FIPS 140-2...