Title

NSA Type1 products and required procedures must be used to protect classified data at rest (DAR) on wireless devices used on a classified WLAN or WMAN. (Cat I impact)

Discussion

NSA Type 1 products provide a high level of assurance that cryptography is implemented correctly and meets the standards for storage of classified information. Use of cryptography that is not Type 1 certified violates policy and increases the risk that classified data will be compromised.

Check Content

Detailed Policy requirements: Type 1 products and required procedures must be used to protect classified data-at-rest on wireless computers that are used on a classified WLAN or WMAN. If NSA Type1 certified DAR encryption is not available, the following requirements apply: - The storage media shall be physically removed from the computer and stored within a COMSEC-approved security container when the computer is not being used. - The entire computer shall be placed within a COMSEC-approved security container, if the computer has embedded storage media that cannot be removed. Check Procedures: Interview the IAO to determine if devices with wireless functionality (e.g., laptops or PDAs with embedded radios) are used to store classified data. If yes, verify the device is an NSA Type 1 certified product. Mark as a finding if a Type 1 product is not used, or if the storage media or device is not stored in a COMSEC-approved security container when not in use.

Fix Text

Immediately discontinue use of the non-compliant device.

Additional Identifiers

Rule ID: SV-3512r1_rule

Vulnerability ID: V-3512

Group Title: Classified wireless Type 1 DAR encryption

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.