Wireless Management Server Policy Security Technical Implementation Guide

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Wireless Management Server Policy Security Technical Implementation Guide

Overview

Version	Date	Finding Count (7)			Downloads
1	2012-09-21 2011-09-30 2011-11-28 2012-02-02 2011-09-30 2011-11-28 2012-07-20 2011-09-30 2011-11-28 2012-07-20 2011-09-30 2011-11-28 2012-07-20 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-11-28 2011-09-30 2011-09-30 2011-06-20 2011-09-30 2011-01-06 2012-02-02	CAT I (High): 1	CAT II (Med): 1	CAT III (Low): 5	Excel	JSON	XML

STIG Description
This STIG contains the policy, training, and operating procedure security controls for the use of wireless management servers in the DoD environment.

Available Profiles

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Findings (MAC III - Administrative Public)

Finding ID	Severity	Title	Description
V-24957	High	If a data spill (Classified Message Incident (CMI)) occurs on a wireless email device or system at a site, the site must follow required data spill procedures.	If required procedures are not followed after a data spill, classified data could be exposed to unauthorized personnel.
V-24955	Medium	A data spill (Classified Message Incident (CMI)) procedure or policy must be published for site smartphones and tablets.	When a data spill occurs on a smartphone/tablet, classified or sensitive data must be protected to prevent disclosure. After a data spill, the smartphone/tablet must either be wiped using approved...
V-24970	Low	The smartphone management server administrator must receive required training.	The security posture of the smartphone management server could be compromised if the administrator is not trained to follow required procedures.
V-24962	Low	The site Incident Response Plan or other procedure must include procedures to follow when a mobile operating system (OS) based smartphone or tablet device is reported lost or stolen.	Sensitive DoD data could be stored in memory on a DoD operated mobile operating system (OS) based Smartphone and tablet device and the data could be compromised if required actions are not...
V-24969	Low	Required actions must be followed at the site when a smartphone has been lost or stolen.	If procedures for lost or stolen smartphones/tablets are not followed, it is more likely that an adversary could obtain the device and use it to access DoD networks or otherwise compromise DoD IA.
V-28313	Low	Smartphone management server administrator training must be renewed annually.	The smartphone management server administrator must renew required training annually.
V-24971	Low	The IAO at the mobile device management server site must verify local sites, where mobile devices are provisioned, issued, and managed, are conducting annual self assessments.	The security integrity of the mobile device system depends on local sites where mobile devices are provisioned and issued complying with STIG requirements. The risk of malware introduced on a...