An error occurred:

Check: SRG-MPOL-004

Mobile Policy SRG: SRG-MPOL-004 (in version v1 r2)

Title

The organizations wireless metropolitan area network (WMAN) system accreditation must include a Transmission Security (TRANSEC) vulnerability analysis, if the WMAN system operates in a tactical environment. (Cat III impact)

Discussion

If a TRANSEC vulnerability analysis has not been completed, the system may not be designed or configured correctly to mitigate exposure of DoD data, or may be vulnerable to a wireless attack. The purpose of the analysis is to determine the jamming and exploitation risk of a WMAN system based on the design of the system If the WMAN system is a tactical system or a commercial system operated in a tactical environment, the site WMAN system accreditation documentation must include a Transmission Security (TRANSEC) vulnerability analysis. The analysis must include a determination on whether the system has a low probability of exploitation (LPE) for the WMAN signal in space, and list recommended risk mitigation actions. NOTE: This check should only be reviewed during the initial system Certification and Accreditation (C). This requirement originated in DTM 08-039, "Commercial Wireless Metropolitan Area Network (WMAN) Systems and Technology."

Check Content

Review the accreditation documentation to determine if the WMAN system is a tactical system or a commercial system used in a tactical environment. If the WMAN system is not a tactical system or a commercial system operated in a tactical environment, this requirement is NA. Verify a TRANSEC vulnerability analysis was performed on the WMAN system during the system C&A review. The documentation must include the required components. Verification that radio communications are encrypted, including the management, control and data frames, determination of denial of service risks to the network, and probability of LPE for the WMAN signal. If documentation is missing the required analysis and components, this is a finding. Note: Check with NSA to determine if additional mitigation actions are available.

Fix Text

Include a TRANSEC vulnerability analysis in the WMAN system accreditation if the WMAN system operates in a tactical environment.

Additional Identifiers

Rule ID:

Vulnerability ID: V-35913

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001455

The organization explicitly identifies components needed in support of specific operational requirements.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check