
DoD network users authorized to remotely connect to the DoD network via a home wireless LAN (WLAN) must use a separate WLAN for DoD computers.


Overview

Finding ID: V-18630
Version: WIR0925
Rule ID: SV-20190r5_rule
IA Controls: ECWN-1
Severity: Medium

Description
Untrusted, residential WLAN systems or home/personally-owned computer equipment that has malware installed on it can lead to attacks on DoD computers connected to the same network as the compromised home computers. DoD sites cannot control the security on home computers or Internet browsing of home computers; therefore, sites must assume there is a high risk that home computers have malware installed. DoD computers used for remote wireless access to DoD networks should be separated from home computers and placed on a separate wireless network (DoD residential WLAN) to mitigate malware risks from home computers.

STIG: WLAN Client Security Technical Implementation Guide
Date: 2011-10-07

Details

Check Text (C-22319r4_chk)
Detailed Policy Requirements:

When DoD network users are authorized to remotely connect to the DoD network via a home WLAN, the following actions must occur:

- The home WLAN used for DoD work (DoD Residential WLAN) must be separate from the home WLAN used for personal use (Personal Use Residential WLAN). See the Wireless STIG Overview for an example of a compliant architecture.

It is recommended that, when a site permits teleworking via home wireless systems, the enclave resource manager furnish DoD users with managed DoD residential WLAN equipment. This would allow them to preconfigure, furnish, and monitor the configuration of the DoD residential WLAN equipment.

Check Procedures:

Interview the IAO to determine if a procedure has been implemented to verify the requirements have been met.

NOTE: It is recommended that the IAO require home WLAN users to provide a screenshot of the management screen of both the DoD Residential WLAN and the Personal Use Residential WLAN to verify this requirement has been met.

Mark as a finding if the procedure does not exist or the requirements have not been met.
Fix Text (F-19295r3_fix)
Implement a procedure to ensure that home WLAN users segregate personal and DoD computers on separate WLANs.