Check: WIR0010-02
General Wireless Policy:
WIR0010-02
(in version v1 r7)
Title
If DAA has approved the use of personally-owned or contractor owned PEDs, the owner must sign a forfeiture agreement in case of a security incident. (Cat III impact)
Discussion
The use of unauthorized personally-owned or contractor-owned wireless devices to receive, store, process or transmit DoD data could expose sensitive DoD data to unauthorized people. The use of personally-owned/contractor-owned PEDs must be controlled by the site. Users must agree to forfeit the PED when security incidents occur, follow all required security procedures, and install required software in order to protect the DoD network.
Check Content
This check is not applicable if the DAA has not approved the use of personally-owned or contractor-owned devices. When personally-owned PEDs are used to transmit, receive, store, or process DoD information, the owner must sign a forfeiture agreement in case of a security incident. The reviewer should obtain a copy of the signed forfeiture agreement for a sample of users (2-3) that have been approved to use personally-owned devices. Mark as a finding if signed forfeiture agreements are not available.
Fix Text
If the DAA has approved the use of personally-owned PEDs, have the owner sign a forfeiture agreement in case of a security incident.
Additional Identifiers
Rule ID: SV-36042r3_rule
Vulnerability ID: V-28314
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |