Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-24966 | WIR-SPP-010 | SV-30703r4_rule | ECWN-1 | Low |
Description |
---|
If the policy does not include information on Wi-Fi security controls, then it is more likely that the security controls will not be implemented properly. Wi-Fi is vulnerable to a number of security breaches without appropriate controls. These breaches could involve the interception of sensitive DoD information and the use of the device to connect to DoD networks. |
STIG | Date |
---|---|
Smartphone Policy Security Technical Implementation Guide | 2011-09-30 |
Check Text ( C-31130r4_chk ) |
---|
Detailed Policy Requirements: -The site wireless security policy or wireless remote access policy shall include information on locations where smartphone Wi-Fi access is approved or disapproved. The following locations will be specifically listed in the policy: -Site-managed Wi-Fi access point connected to the NIPRNet (Enclave-NIPRNet Connected) -Site-managed Wi-Fi access point connected to the Internet only (Internet Gateway Only Connection) -Public Wi-Fi Hotspot -Hotel Wi-Fi Hotspot -Home Wi-Fi network (user managed) Note: DoD smartphones will not be used to connect to Public or Hotel Hotspots. Note: Apple iOS devices (iPhone, iPad, and iPod touch) will not be used to connect to site-managed Wi-Fi access points connected to the NIPRNet (Enclave-NIPRNet Connected). Check Procedures: Interview the IAO. Review the site policy. Verify it contains the required information. Mark as a finding if site policy does not contain the required information. |
Fix Text (F-27601r2_fix) |
---|
Smartphone Wi-Fi security policy includes required content. |