Title

The WMAN site must implement required procedures for reporting the results of WMAN intrusion scans. (Cat III impact)

Discussion

If scan results are not properly reported and acted on, then the site could be vulnerable to wireless attack.

Check Content

Detailed Policy Requirements: Site implements the following procedures for reporting the results of WMAN intrusion scans: The site will implement a wireless incident process and plan, as part of the site’s Incident Response Plan, for reporting unauthorized access, jamming, or electromagnetic interference identified during active electromagnetic scanning. The site will establish a Standard Operating Procedure (SOP) to address intrusion, jamming, or electromagnetic interference. Check Procedures: Review the site Incident Response Plan and determine if it includes procedures for reporting unauthorized access, jamming, or electromagnetic interference identified during active electromagnetic scanning. - Determine if the site has an SOP that addresses intrusion, jamming, or electromagnetic interference. Mark as a finding if either of these requirements are not met.

Fix Text

Comply with policy.

Additional Identifiers

Rule ID: SV-20158r1_rule

Vulnerability ID: V-18606

Group Title: WMAN IDS reporting

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.