Check: WIR0020
CSfC Campus WLAN Policy Security Implementation Guide:
WIR0020
(in version v1 r2)
Title
Wireless devices connecting directly or indirectly to the network must be included in the site security plan. (Cat III impact)
Discussion
The DAA and site commander must be aware of all approved wireless devices used at the site or DoD data could be exposed to unauthorized people. Documentation of the enclave configuration must include all attached systems. If the current configuration cannot be determined, then it is difficult to apply security policies effectively. Security is particularly important for wireless technologies attached to the enclave network because these systems increase the potential for eavesdropping and other unauthorized access to network resources.
Check Content
Review the site security plan. 1. Wireless network devices, such as access points, laptops, CMDs, and wireless peripherals (keyboards, pointers, etc.) using a wireless network protocol, such as Bluetooth, 802.11, or proprietary protocols must be documented in the site security plan. 2. A general statement in the site security plan permitting the various types of wireless network devices used by the site is acceptable rather than a by-model listing, for example, “wireless devices of various models are permitted as long as they are configured in accordance with the Wireless STIG”. Mark as a finding if a DAA-approved site security plan does not exist or if it has not been updated.
Fix Text
Ensure devices connecting directly or indirectly (data synchronization) to the network are added to the site's site security plan. (For example, it may say wireless devices of various models are permitted but only when configured in accordance with the Wireless STIG or other such specified restriction.)
Additional Identifiers
Rule ID: SV-8792r5_rule
Vulnerability ID: V-8297
Group Title: Site security plan includes wireless system/equipment
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |