Wireless computing and networking capabilities from workstations, laptops, personal digital assistants (PDAs), handheld computers, cellular phones, or other portable electronic devices are implemented in accordance with DoD wireless policy, as issued. (See also ECCT). Unused wireless computing capabilities internally embedded in interconnected DoD IT assets are normally disabled by changing factory defaults, settings or configurations prior to issue to end users. Wireless computing and networking capabilities are not independently configured by end users.
|MAC / CONF||Impact||Subject Area|
| MACI |
|High||Enclave Computing Environment|
|Wireless computing and networking provide many benefits such as portability and flexibility, increased productivity, and lower installation costs. However, wireless networks present similar security risks to those of a wired network, and since the open airwaves are the communications medium for wireless technology, an entirely new set of risks are introduced. Implementing wireless computing and networking capabilities in accordance with DoD wireless policy and allowing only authorized and qualified personnel to configure wireless services greatly reduces vulnerabilities.|
| 1. All wireless systems shall be approved by the DAA prior to installation and use for processing DoD information. |
2. Personally owned wireless devices shall not be used for processing DoD information.
3. A list of all DAA approved WLAN devices shall be maintained.
4. All individual functions of multi-functional devices shall be secured.
5. Wireless devices shall be documented in the system security documentation.
6. All wireless devices, particularly laptops, shall comply with applicable operating system STIGs.
7. DoD approved anti-virus software shall be installed and configured in accordance with the Desktop Application STIG on all wireless devices, particularly laptops and PDAs, and kept up-to-date with the most recent virus definition tables.