If a wireless keyboard or mouse is used with any site computers, then it must follow security requirements.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4639 | WIR0535 | SV-4639r1_rule | ECWN-1 | Medium |
| Description |
|---|
| The use of unauthorized wireless keyboards and mice can compromise DoD computers, networks, and data. The receiver for a wireless keyboard/mouse provides a wireless port on the computer that could be attacked by a hacker. Wireless keyboard transmissions can be intercepted by a hacker and easily viewed if required security is not used. |
| STIG | Date |
|---|---|
| Wireless Keyboard and Mouse Security Technical Implementation Guide (STIG) | 2014-03-18 |
Details
| Check Text ( C-4009r1_chk ) |
|---|
| Detailed Policy Requirements: If a wireless keyboard or mouse is used with any site workstations, the following requirements must be followed: - If WLAN is used for the wireless connection, assign “WLAN Client” asset posture in VMS to the workstation (or PDA) asset and complete WLAN checks assigned to the workstation (or PDA). - If Bluetooth or some other wireless technology is used for the wireless connection, assign “Bluetooth” asset posture in VMS to the workstation (or PDA) asset and complete Bluetooth checks assigned to the workstation(or PDA). Check Procedures: Verify the appropriate VMS wireless posture has been assigned to the workstation asset and the appropriate checks have been completed. Mark as a finding if the requirements are not met. NOTE: Currently, no wireless keyboards or mice meet these requirements. If the wireless mouse/keyboard is using a proprietary RF protocol (i.e., not Bluetooth or 802.11), then apply the Bluetooth checks. |
| Fix Text (F-19256r1_fix) |
|---|
| Comply with requirement. |