Title

If a wireless keyboard or mouse is used with any site computers, then it must follow security requirements. (Cat II impact)

Discussion

The use of unauthorized wireless keyboards and mice can compromise DoD computers, networks, and data. The receiver for a wireless keyboard/mouse provides a wireless port on the computer that could be attacked by a hacker. Wireless keyboard transmissions can be intercepted by a hacker and easily viewed if required security is not used.

Check Content

Detailed Policy Requirements: If a wireless keyboard or mouse is used with any site workstations, the following requirements must be followed: - If WLAN is used for the wireless connection, assign “WLAN Client” asset posture in VMS to the workstation (or PDA) asset and complete WLAN checks assigned to the workstation (or PDA). - If Bluetooth or some other wireless technology is used for the wireless connection, assign “Bluetooth” asset posture in VMS to the workstation (or PDA) asset and complete Bluetooth checks assigned to the workstation(or PDA). Check Procedures: Verify the appropriate VMS wireless posture has been assigned to the workstation asset and the appropriate checks have been completed. Mark as a finding if the requirements are not met. NOTE: Currently, no wireless keyboards or mice meet these requirements. If the wireless mouse/keyboard is using a proprietary RF protocol (i.e., not Bluetooth or 802.11), then apply the Bluetooth checks.

Fix Text

Comply with requirement.

Additional Identifiers

Rule ID: SV-4639r1_rule

Vulnerability ID: V-4639

Group Title: Wireless keyboards and mice

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.