Title

The Incident Response Plan (IRP) and/or SOP must have the required procedures for reporting the results of WMAN intrusion scans. (Cat III impact)

Discussion

If scan results are not properly reported and acted on, the site could be vulnerable to wireless attack. This requirement originated in DTM 08-039, "Commercial Wireless Metropolitan Area Network (WMAN) Systems and Technology."

Check Content

Review the site Incident Response Plan (IRP) or Standard Operating Procedure (SOP) to determine if it includes procedures for reporting unauthorized access, intrusion, jamming, or electromagnetic interference identified during active electromagnetic scanning for wireless systems that connect directly to DoD networks. If the IRP or SOP does not address these requirements, this is a finding.

Fix Text

Update the IRP and/or SOP to have the required procedures for reporting the results of WMAN intrusion scans.

Additional Identifiers

Rule ID:

Vulnerability ID: V-35941

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.