| Wireless services enable users within close proximity of access points to have access to data and services within the private network. The security boundary of a Wireless LAN extends from the client device to the network boundary where network access is controlled. This boundary represents the portion of the network most vulnerable to attack and must be protected. Wireless access introduces security risks which must be addressed through implementation of strict controls and procedures such as, authentication, encryption, and defining what resources can be accessed.
Use of unapproved devices to process nonpublicly releasable data increases the risk to the network. Devices attached to or inserted into the end point's plug-and-play ports and slots can be a vector for the insertion of malware when used to access the network. Storage devices are portable and can be easily concealed. Requiring approval prior to use these devices heightens awareness of the threat, limits the potential use of contaminated devices, and allows for proper tracking and control. Designated Approval Authority (DAA) approval of flash memory devices is required by the United States Cyber Command (USCYBERCOM) Communications Task Order (CTO) 10-004A Removable Flash Media Device Implementation within and between Department of Defense (DoD) Networks (U/FOUO) (or latest version of this CTO). This requirement is applicable to network wireless access and is not applicable to the routing function. |
