
WIDS sensor scan results must be saved for at least one year.


Overview

Finding ID: V-19896
Version: WIR0145-02
Rule ID: SV-22066r1_rule
IA Controls: ECWN-1
Severity: Low
Description
DoDD 8100.2 requires ALL DoD networks to use a wireless IDS to scan for unauthorized wireless devices. If sites do not maintain scan logs, it cannot be determined whether IDS findings are isolated and harmless events or part of a more sustained, methodical attack on the system.
STIG Date
WLAN IDS Sensor/Server Security Technical Implementation Guide (STIG) 2013-03-14

Details

Check Text (C-25505r1_chk)
Detailed policy requirements:

The results of WIDS scans (logs and scan results) shall be maintained by the site for at least one year.

Check procedures:

Interview the site IAO. Verify the site has saved its scan results for at least one year, viewing one of the older logs to validate the practice. Mark as a finding if the site is not saving the logs/results or is saving them for less than one year.
Fix Text (F-34073r1_fix)
The IAO must ensure that the WIDS and operating procedures maintain WLAN scan results for at least one year.