Check: SRG-MPOL-029
Mobile Policy SRG: SRG-MPOL-029 (in version v1 r2)
Title
The organization must maintain a list of all DAA-approved wireless and non-wireless devices under their control that store, process, or transmit DoD information. (Cat III impact)
Discussion
Close tracking of authorized wireless devices will facilitate the search for rogue devices. Sites must maintain precise inventory control over wireless and handheld devices used to store, process, and transmit DoD data as these devices can be easily lost or stolen, leading to possible exposure of DoD data.
Check Content
Review the site's wireless equipment list and verify all minimum data elements listed below are included in the equipment list. This check applies to any wireless end user device (e.g., CMD, Wi-Fi network interface card) and wireless network devices (e.g., access point, authentication server). The list of approved wireless devices will be stored in a secure location and will include the following at a minimum:

For CMDs:
- Manufacturer, model number, and serial number of wireless equipment.
- Equipment location or who the device was issued to.
- Assigned users with telephone numbers and email addresses.

Verify all wireless devices used at the site, including infrared mice/keyboards, are included:
- Access point Media Access Control (MAC) address (WLAN only).
- Access point IP address (WLAN only).
- Wireless client MAC address.
- Network DHCP range (WLAN & WWAN only).
- Type of encryption enabled.
- Access point SSID (WLAN only).
- Manufacturer, model number, and serial number of wireless equipment.
- Equipment location.
- Assigned users with telephone numbers.

Verify procedures are in place for ensuring the list is kept up to date.

If the equipment list does not exist, not all data elements are tracked, or the list is outdated, this is a finding.
Fix Text
Maintain a list of all DAA-approved WLAN devices under the organization's control. The list must be updated as devices are commissioned, and contain the data elements required.
Additional Identifiers
Rule ID:
Vulnerability ID: V-35947
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001441 | The organization authorizes wireless access to the information system prior to allowing such connections. |
Controls
Number | Title |
---|---|
AC-18 | Wireless Access |