Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18600 | WIR0305 | SV-20149r1_rule | ECWN-1 | Low |
Description |
---|
If the TRANSEC analysis has not been completed, the system may not be designed or configured correctly to mitigate exposure of DoD data or may be vulnerable to a wireless attack. |
STIG | Date |
---|---|
WMAN Access Point Security Technical Implementation Guide (STIG) | 2013-03-14 |
Check Text ( C-22264r1_chk ) |
---|
Detailed Policy Requirements: If the WMAN system is a tactical system or a commercial system operated in a tactical environment, then the site WMAN system DIACAP must include a Transmission Security (TRANSEC) vulnerability analysis, which includes a determination on whether the system has a low probability of explotation (LPE) for the WMAN signal in space and lists recommended risk mitigation actions. NOTE: The purpose of the TRANSEC vulnerability analysis is to determine the jamming and exploitation risk of a WMAN system based on the design of the system. The TRANSEC analysis should include the following components: - Verify radio communications are encrypted including the management, control, and data frames. - Determine denial of service risks to the network. - Check with NSA to determine if additional mitigation actions are available. NOTE: This check should only be reviewed during the initial system Certification and Accreditation (C&A). Check Procedures: Review the SSAA/SSP and other DIACAP documentation. If the WMAN system is a tactical system or a commercial system used in a tactical environment, verify a TRANSEC vulnerability analysis was performed on the WMAN system during the system DIACAP and includes the required components. Mark as a finding if documentation is missing the required analysis and components. |
Fix Text (F-34137r1_fix) |
---|
Commission a TRANSEC analysis for the WMAN system.. |