The organization must provide the DAA the results of a Certified TEMPEST Technical Authority (CTTA) TEMPEST evaluation of each WLAN system it operates.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35951 | SRG-MPOL-033 | SV-47267r1_rule | Low |
| Description |
|---|
| Sensitive and/or classified information could be compromised via a TEMPEST vulnerability. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44188r1_chk ) |
|---|
| Interview the appropriate personnel and review the site's accreditation documentation to verify the department or agency CTTA has completed the required evaluation. If the required evaluation has not been completed, this is a finding. |
| Fix Text (F-40476r1_fix) |
|---|
| Confirm and document the department or agency CTTA has evaluated the system to determine its TEMPEST vulnerability and provided this information to the DAA. |