The WMAN site must perform periodic wireless IDS screening in all areas where WMAN coverage exists to prevent unauthorized access, jamming, or electromagnetic interference.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18605	WIR0335	SV-20157r1_rule		Medium

Description
WMAN systems could be at risk of wireless hacker attack if periodic wireless IDS screening is not performed.

STIG	Date
WMAN Access Point Security Technical Implementation Guide (STIG)	2017-12-07

Details

Check Text ( C-22273r1_chk )
Detailed Policy Requirements: Site performs periodic wireless IDS screening in all areas where WMAN coverage exists to prevent unauthorized access, jamming, or electromagnetic interference. Requirements are as follows: - Screening will be performed periodically, at least every 30 days is recommended and at least every 90 days is required. - Screening will be completed within the WMAN bands. (The most common WMAN bands are 2.5 GHz, 3.5 GHz, and 5.8 GHz for fixed WMAN and 2-6 GHz for mobile WMAN.) Note: 5.8 GHz is an unlicensed band. For this band, screening can be done to prevent unauthorized access. But since it is an unlicensed band, the WMAN may experience interference. Therefore, screening for interference in the 5.8 GHz band is not required. - Screening will verify the WMAN radio coverage area limitations that were defined during system design and initial setup have been maintained. NOTE: Reference A1.a in the Wireless STIG states “DoD Components shall actively screen for wireless devices. Active electromagnetic sensing at the DoD or contractor premises to detect/prevent unauthorized access of DoD ISs shall be periodically performed by the cognizant DAA or Defense Security Service office to ensure compliance with the DoD Information Technology Security Certification and Accreditation Process (DITSCAP) ongoing accreditation agreement.” Reference A1.d requires WMAN scanning to ensure that Components develop a capability to determine if unauthorized use of the WMAN system is taking place. This is to ensure that the Component is aware of attempted or on-going attacks. -Scanning logs will be maintained by the site for a period of at least one year. Check Procedures: Interview the IAO and review logs of previous site WMAN wireless IDS screening. - Verify WMAN wireless IDS screening sessions are being performed periodically, as required. - Verify previous site WMAN wireless IDS screening sessions are verifing WMAN radio beam coverage area limitations that were defined during system design and initial setup have been maintained. Mark as a finding if any of these requirements are not met.

Check Text ( C-22273r1_chk )

Detailed Policy Requirements:

Site performs periodic wireless IDS screening in all areas where WMAN coverage exists to prevent unauthorized access, jamming, or electromagnetic interference. Requirements are as follows:

- Screening will be performed periodically, at least every 30 days is recommended and at least every 90 days is required.
- Screening will be completed within the WMAN bands. (The most common WMAN bands are 2.5 GHz, 3.5 GHz, and 5.8 GHz for fixed WMAN and 2-6 GHz for mobile WMAN.)

Note: 5.8 GHz is an unlicensed band. For this band, screening can be done to prevent unauthorized access. But since it is an unlicensed band, the WMAN may experience interference. Therefore, screening for interference in the 5.8 GHz band is not required.

- Screening will verify the WMAN radio coverage area limitations that were defined during system design and initial setup have been maintained.

NOTE: Reference A1.a in the Wireless STIG states “DoD Components shall actively screen for wireless devices. Active electromagnetic sensing at the DoD or contractor premises to detect/prevent unauthorized access of DoD ISs shall be periodically performed by the cognizant DAA or Defense Security Service office to ensure compliance with the DoD Information Technology Security Certification and Accreditation Process (DITSCAP) ongoing accreditation agreement.” Reference A1.d requires WMAN scanning to ensure that Components develop a capability to determine if unauthorized use of the WMAN system is taking place. This is to ensure that the Component is aware of attempted or on-going attacks.

-Scanning logs will be maintained by the site for a period of at least one year.

Check Procedures:

Interview the IAO and review logs of previous site WMAN wireless IDS screening.
- Verify WMAN wireless IDS screening sessions are being performed periodically, as required.
- Verify previous site WMAN wireless IDS screening sessions are verifing WMAN radio beam coverage area limitations that were defined during system design and initial setup have been maintained.
Mark as a finding if any of these requirements are not met.

Fix Text (F-14436r1_fix)
Comply with policy.