Wireless Management Server Policy Security Technical Implementation Guide

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Wireless Management Server Policy Security Technical Implementation Guide

Overview

Version	Date	Finding Count (6)			Downloads
1	2011-01-06 2011-09-30 2011-11-28 2012-02-02 2011-09-30 2011-11-28 2012-07-20 2012-09-21 2011-09-30 2011-11-28 2012-07-20 2012-09-21 2011-09-30 2011-11-28 2012-07-20 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-09-30 2011-06-20 2012-09-21 2011-09-30 2012-02-02	CAT I (High): 1	CAT II (Med): 1	CAT III (Low): 4	Excel	JSON	XML

STIG Description
This STIG contains the policy, training, and operating procedure security controls for the use of wireless management servers in the DoD environment.

Available Profiles

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Findings (MAC II - Mission Support Public)

Finding ID	Severity	Title	Description
V-24957	High	If a data spill (Classified Message Incident (CMI)) occurs on a wireless email device or system at a site, the site will follow required procedures.	If required procedures are not followed after a data spill, classified data could be exposed to unauthorized personnel.
V-24955	Medium	A data spill (Classified Message Incident (CMI)) procedure or policy will be published for site smartphones.	When a data spill occurs on a smartphone, classified data must be protected to prevent disclosure.
V-24970	Low	The smartphone management server admin will receive required training.	The security posture of the smartphone management server could be compromised if the admin is not trained to follow required procedures.
V-24962	Low	The site Incident Response Plan or other procedure will include procedures to follow when a smartphone is reported lost or stolen.	DoD data could be compromised if required actions are not followed.
V-24969	Low	Required actions will be followed at the site when a smartphone has been lost or stolen.	DoD data could be compromised if required actions are not followed.
V-24971	Low	The IAO at the smartphone management server site will verify that local sites, where smartphones are provisioned, issued, and managed, are conducting annual self assessments.	The security integrity of the smartphone system depends on local sites where smartphone handhelds are provisioned and issued complying with STIG requirements. The risk of malware introduced on a...