Information Assurance - Unauthorized Wireless Devices - No Formal Policy and/or Warning Signs

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-245787	IA-11.03.01	SV-245787r770023_rule		Low

Description
Not having a wireless policy and/or warning signs at entrances could result in the unauthorized introduction of wireless devices into classified processing areas. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Encl C, paragraphs 21.i(3). and 22. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: AC-18, AC-18(1), AC-18(2), AC-18(3), AC-18(4) and AC-19 CNSSP No.29, May 2013, National Secret Enclave Connection Policy CNSSP No. 17, January 2014, Policy on Wireless Systems DISN Connection Process Guide: http://disa.mil/network-services/enterprise-connections/connection-process-guide Wireless STIG Mobility Policy Manual STIG DoDD 8100.02, Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG), paragraphs 4.2. and 4.3 CNSSI 1400, National Instruction on the use of Mobile Devices within Secure Spaces Joint USD(I) and DoD CIO Memorandum, dated 25, Sep 2015, SUBJECT: Security and Operational Guidance for Classified Portable Electronic Devices

Description

Not having a wireless policy and/or warning signs at entrances could result in the unauthorized introduction of wireless devices into classified processing areas. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Encl C, paragraphs 21.i(3). and 22. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: AC-18, AC-18(1), AC-18(2), AC-18(3), AC-18(4) and AC-19 CNSSP No.29, May 2013, National Secret Enclave Connection Policy CNSSP No. 17, January 2014, Policy on Wireless Systems DISN Connection Process Guide: http://disa.mil/network-services/enterprise-connections/connection-process-guide Wireless STIG Mobility Policy Manual STIG DoDD 8100.02, Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG), paragraphs 4.2. and 4.3 CNSSI 1400, National Instruction on the use of Mobile Devices within Secure Spaces Joint USD(I) and DoD CIO Memorandum, dated 25, Sep 2015, SUBJECT: Security and Operational Guidance for Classified Portable Electronic Devices

STIG	Date
Traditional Security Checklist	2022-09-22

Details

Check Text ( C-49218r770021_chk )
1. Check to ensure there is a local wireless policy or SOP. 2. During the walk-around, ensure there is appropriate signage at entrances notifying employees and visitors that wireless devices are not authorized in a classified facility. 3. Check that wireless policy is included in initial briefings for new employees and reinforced periodically such as during annual security refresher training. TACTICAL ENVIRONMENT: The check is applicable to tactical locations where fixed facilities are used for classified processing. Not applicable to mobile/field environments.

Check Text ( C-49218r770021_chk )

1. Check to ensure there is a local wireless policy or SOP.

2. During the walk-around, ensure there is appropriate signage at entrances notifying employees and visitors that wireless devices are not authorized in a classified facility.

3. Check that wireless policy is included in initial briefings for new employees and reinforced periodically such as during annual security refresher training.

TACTICAL ENVIRONMENT: The check is applicable to tactical locations where fixed facilities are used for classified processing. Not applicable to mobile/field environments.

Fix Text (F-49173r770022_fix)
1. A local wireless policy or SOP must be written and available for employee reference. 2. There must be appropriate signage at entrances notifying employees and visitors that wireless devices are not authorized in a classified facility. 3. Wireless policy must be included in initial briefings for new employees and reinforced periodically such as during annual security refresher training.