The site wireless policy or wireless remote access policy must include information on required smartphone Wi-Fi security controls.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-24966 | WIR-SPP-010 | SV-30703r3_rule | ECWN-1 | Low |
| Description |
|---|
| Unauthorized and improperly configured smartphone Wi-Fi can allow a hacker to connect to the smartphone and possibably expose sensitive DoD data stored on the smartphone.. |
| STIG | Date |
|---|---|
| Smartphone Policy Security Technical Implementation Guide | 2011-06-20 |
Details
| Check Text ( C-31130r3_chk ) |
|---|
| Detailed Policy Requirements: -The site wireless security policy or wireless remote access policy shall including information on locations where smartphone Wi-Fi access is approved or disapproved. The following locations will be specifically listed in the policy: -Site-managed Wi-Fi access point connected to the NIPRNet (Enclave-NIPRNet Connected) -Site-managed Wi-Fi access point connected to the Internet only (Internet Gateway Only Connection) -Public Wi-Fi Hotspot -Hotel Wi-Fi Hotspot -Home Wi-Fi network (user managed) Note: DoD smartphones will not be used to connect to Public or Hotel Hotspots. Note: Apple iOS devices (iPhone, iPad, and iPod touch) will not be used to connect to site-managed Wi-Fi access points connected to the NIPRNet (Enclave-NIPRNet Connected). Check Procedures: Interview the IAO. Review the site policy. Verify it contains the required information. Mark as a finding if site policy does not contain the required information. |
| Fix Text (F-27601r2_fix) |
|---|
| Smartphone Wi-Fi security policy includes required content. |