An error occurred:

Check: SRG-MPOL-085

Mobile Policy SRG: SRG-MPOL-085 (in version v1 r2)

Title

The organization must ensure physical security controls are implemented for Secure WLAN (SWLAN) access points. (Cat II impact)

Discussion

If an adversary is able to gain physical access to a SWLAN device, he/she may be able to compromise the device in a variety of ways, some of which could enable the adversary to obtain classified data. Physical security controls greatly mitigate this risk. The following physical security controls must be implemented for SWLAN access points: - Secure WLAN access points shall be physically secured, and methods shall exist to facilitate the detection of tampering. WLAN APs are part of a communications system and shall have controlled physical security, in accordance with DoDD 5200.08-R. SWLAN access points not within a location that provides limited access shall have controlled physical security with either fencing or inspection. - Either physical inventories or electronic inventories shall be conducted daily by viewing or polling the serial number or MAC address. Access points not stored in a COMSEC-approved security container shall be physically inventoried.

Check Content

Review the physical security controls of the SWLAN access points. - Verify site SWLAN access points are physically secured. - Verify there is some method for alerting site security if the access point has been tampered with. - Determine if site SWLAN access points are in locations that provide limited access to only authorized personnel who are approved to access the access points. - Determine how the site conducts a daily physical inventory of SWLAN access points. Verify that required inventory methods are used, depending on whether the access points are stored in a COMSEC container. If physical security controls are not implemented for SWLAN access points, this is a finding.

Fix Text

Implement required physical security controls for the SWLAN.

Additional Identifiers

Rule ID:

Vulnerability ID: V-36003

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000928

The organization enforces physical access authorizations to the information system in addition to the physical access controls for the facility where the information system resides at organization-defined physical spaces containing one or more components of the information system.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
PE-3 (1)

Information System Access