Check: SRG-MPOL-009
Mobile Policy SRG: SRG-MPOL-009 (in version v1 r2)
Title
The organization must confine Wi-Fi and Bluetooth communications to organization-controlled boundaries. (Cat II impact)
Discussion
The wireless technologies controlled by this requirement are only Wi-Fi and Bluetooth. Wireless networks present security risks similar to those of a wired network, and since the open airwaves are the communications medium for wireless technology, an entirely new set of risks is introduced. Implementing wireless computing and networking capabilities in accordance with the organization-defined wireless policy, within organization-controlled boundaries, greatly reduces vulnerabilities. Note: Not to be used with Class 1 Bluetooth radios.
Check Content
Review the organization's access control and procedures addressing wireless implementation and usage (including restrictions), security policy, information system configuration settings, restrictions and any other associated documentation, and other relevant documents or records. Ensure the organization has defined and established organization-controlled boundaries for the implementation of Wi-Fi and Bluetooth communications. If wireless boundaries are not defined and controlled, this is a finding.
Fix Text
Define and establish organization-controlled boundaries for the implementation of Wi-Fi and Bluetooth communications.
Additional Identifiers
Rule ID:
Vulnerability ID: V-35928
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001451 | The organization selects radio antennas and calibrates transmission power levels to reduce the probability that usable signals can be received outside of organization-controlled boundaries. |
Controls
Number | Title |
---|---|
AC-18 (5) | Antennas / Transmission Power Levels |