Title

A site must use a WMAN system in compliance with Committee on National Security Systems Policy (CNSSP) 300: the Department or Agency Certified TEMPEST Technical Authority (CTTA) has evaluated the system to determine its TEMPEST vulnerability and provided this information to the DAA. (Cat III impact)

Discussion

Sensitive or classified information could be compromised via a TEMPEST vulnerability.

Check Content

NOTE: This check should only be reviewed during the initial system Certification and Accreditation (C&A). Interview the IAO and review the site SSAA/SSP or DIACAP documentation to verify the Department or Agency CTTA has completed the required evaluation. Mark as a finding if the required evaluation has not been completed.

Fix Text

Comply with policy.

Additional Identifiers

Rule ID: SV-20174r1_rule

Vulnerability ID: V-18617

Group Title: WMAN TEMPEST compliance

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.