UCF STIG Viewer Logo

Information Assurance - Unauthorized Wireless Devices - Portable Electronic Devices (PEDs) Used in Classified Processing Areas without Certified TEMPEST Technical Authority (CTTA) Review and Designated Accrediting Authority (DAA) Approval


Overview

Finding ID Version Rule ID IA Controls Severity
V-31128 IA-11.02.01 SV-41275r2_rule ECWN-1 Medium
Description
Allowing wireless devices in the vicinity of classified processing or discussion could directly result in the loss or compromise of classified or sensitive information either intentionally or accidentally.
STIG Date
Traditional Security 2013-07-11

Details

Check Text ( C-39822r3_chk )
1. Check to ensure that unauthorized wireless devices (PEDs such as cell phones, blackberrys, laptops, etc.) are not being used in areas where classified systems or machines (SIPRNet) are in use.

2. If PED usage in classified processing areas is permitted by the site, check to ensure there is specific written DAA approval and that a CTTA has assessed the environment and that any resulting recommended TEMPEST countermeasures have been implemented.

TACTICAL ENVIRONMENT: The check is applicable for ALL classified processing environments.
Fix Text (F-35021r2_fix)
1. Unauthorized wireless devices (PEDs such as cell phones, blackberrys, laptops, etc.) must not be permitted for use in areas where classified systems or machines (SIPRNet) are in use.

2. If PED usage in classified processing areas is permitted, there must be specific written DAA approval and a CTTA assessment of the environment and any resulting recommended TEMPEST countermeasures must be implemented.