Check: WIR0005
Mobile Device Policy STIG (STIG):
WIR0005
(in version v2 r6)
Title
All wireless/mobile systems (including associated peripheral devices, operating system, applications, network/PC connection methods, and services) must be approved by the approval authority prior to installation and use for processing DoD information. (Cat I impact)
Discussion
Unauthorized wireless systems expose DoD networks to attack. The Authorizing Official (AO) and appropriate commanders must be aware of all wireless systems used at the site. AOs should ensure a risk assessment for each system, including associated services and peripherals, is conducted before approving. Accept risks only when needed to meet mission requirements.
Check Content
1. Request copies of written AO approval documentation for wireless/mobile devices used by the site. 2. Verify AO approval for wireless/mobile devices in use at the site. Note: The AO approval for wireless/mobile systems does not need to be documented separately from other AO approval documents for the site network, as long as the approval documents list the wireless/mobile systems in use at the site. For example, if a site network ATO lists the wireless system, the ATO meets the requirements of this check. If the AO has not approved all wireless/mobile devices used at the site, this is a finding.
Fix Text
Obtain AO approval prior to wireless systems being installed and used.
Additional Identifiers
Rule ID: SV-8778r7_rule
Vulnerability ID: V-8283
Group Title: Wireless/mobile systems authorized prior to use
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |