An error occurred:

Check: WIR0305

WMAN Access Point STIG (STIG): WIR0305 (in versions v6 r13 through v6 r11)

Title

If the WMAN system is a tactical system or a commercial system operated in a tactical environment, the site WMAN system DIACAP must include a Transmission Security (TRANSEC) vulnerability analysis. (Cat III impact)

Discussion

If the TRANSEC analysis has not been completed, the system may not be designed or configured correctly to mitigate exposure of DoD data or may be vulnerable to a wireless attack.

Check Content

Detailed Policy Requirements: If the WMAN system is a tactical system or a commercial system operated in a tactical environment, then the site WMAN system DIACAP must include a Transmission Security (TRANSEC) vulnerability analysis, which includes a determination on whether the system has a low probability of explotation (LPE) for the WMAN signal in space and lists recommended risk mitigation actions. NOTE: The purpose of the TRANSEC vulnerability analysis is to determine the jamming and exploitation risk of a WMAN system based on the design of the system. The TRANSEC analysis should include the following components: - Verify radio communications are encrypted including the management, control, and data frames. - Determine denial of service risks to the network. - Check with NSA to determine if additional mitigation actions are available. NOTE: This check should only be reviewed during the initial system Certification and Accreditation (C&A). Check Procedures: Review the SSAA/SSP and other DIACAP documentation. If the WMAN system is a tactical system or a commercial system used in a tactical environment, verify a TRANSEC vulnerability analysis was performed on the WMAN system during the system DIACAP and includes the required components. Mark as a finding if documentation is missing the required analysis and components.

Fix Text

Commission a TRANSEC analysis for the WMAN system..

Additional Identifiers

Rule ID: SV-20149r1_rule

Vulnerability ID: V-18600

Group Title: WMAN TRANSEC analysis

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check