Wireless Management Server Policy Security Technical Implementation Guide

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Wireless Management Server Policy Security Technical Implementation Guide

Overview

Version	Date	Finding Count (7)			Downloads
1	2011-09-30 2011-11-28 2012-02-02 2011-11-28 2012-07-20 2012-09-21 2011-11-28 2012-07-20 2012-09-21 2011-11-28 2012-07-20 2011-11-28 2011-11-28 2011-11-28 2011-11-28 2011-11-28 2011-11-28 2011-11-28 2011-11-28 2011-11-28 2011-11-28 2011-11-28 2011-06-20 2012-09-21 2011-01-06 2012-02-02	CAT I (High): 1	CAT II (Med): 1	CAT III (Low): 5	Excel	JSON	XML

STIG Description
This STIG contains the policy, training, and operating procedure security controls for the use of wireless management servers in the DoD environment.

Available Profiles

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Findings (MAC II - Mission Support Public)

Finding ID	Severity	Title	Description
V-24957	High	If a data spill (Classified Message Incident (CMI)) occurs on a wireless email device or system at a site, the site must follow required data spill procedures.	If required procedures are not followed after a data spill, classified data could be exposed to unauthorized personnel.
V-24955	Medium	A data spill (Classified Message Incident (CMI)) procedure or policy must be published for site smartphones.	When a data spill occurs on a smartphone, classified data must be protected to prevent disclosure. After a data spill, the smartphone must either be wiped using approved procedures, or destroyed...
V-24970	Low	The smartphone management server administrator must receive required training.	The security posture of the smartphone management server could be compromised if the administrator is not trained to follow required procedures.
V-24962	Low	The site Incident Response Plan or other procedure must include procedures to follow when a smartphone is reported lost or stolen.	Sensitive DoD data could be stored in memory on a DoD operated smartphone and the data could be compromised if required actions are not followed when a smartphone is lost or stolen. Without...
V-24969	Low	Required actions must be followed at the site when a smartphone has been lost or stolen.	If procedures for lost or stolen smartphones are not followed, it is more likely that an adversary could obtain the device and use it to access DoD networks or otherwise compromise DoD IA.
V-28313	Low	smartphone management server administrator must receive required training.	The smartphone management server administrator must renew required training annually.
V-24971	Low	The IAO at the smartphone management server site must verify that local sites, where smartphones are provisioned, issued, and managed, are conducting annual self assessments.	The security integrity of the smartphone system depends on local sites where smartphone handhelds are provisioned and issued complying with STIG requirements. The risk of malware introduced on a...