The organization must establish usage restrictions for wireless access.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35924	SRG-MPOL-010	SV-47240r1_rule		Medium

Description
Wireless security has additional vulnerability because of transmission over an open medium accessible by all, yielding a broader threat profile. Without a methodology for the deployment and usage of wireless devices and access, security of the infrastructure and data cannot be assured. Wireless technologies include, but are not limited to, microwave, satellite, packet radio (UHF/VHF), Wi-Fi, and Bluetooth. Wireless networks present similar security risks to those of a wired network, and since the open airwaves are the communications medium for wireless technology, an entirely new set of risks are introduced. Implementing wireless computing and networking capabilities in accordance with the organization defined wireless policy, and allowing only authorized and qualified personnel to configure wireless services, greatly reduces vulnerabilities.

Description

Wireless security has additional vulnerability because of transmission over an open medium accessible by all, yielding a broader threat profile. Without a methodology for the deployment and usage of wireless devices and access, security of the infrastructure and data cannot be assured. Wireless technologies include, but are not limited to, microwave, satellite, packet radio (UHF/VHF), Wi-Fi, and Bluetooth. Wireless networks present similar security risks to those of a wired network, and since the open airwaves are the communications medium for wireless technology, an entirely new set of risks are introduced. Implementing wireless computing and networking capabilities in accordance with the organization defined wireless policy, and allowing only authorized and qualified personnel to configure wireless services, greatly reduces vulnerabilities.

STIG	Date
Mobile Policy Security Requirements Guide	2013-07-03

Details

Check Text ( C-44163r1_chk )
Review the organization's access control policy, security procedures addressing wireless usage restrictions, and other relevant documents. The objective is to ensure the organization has defined usage restrictions for all wireless access. If the organization has not established usage restrictions, this is a finding.

Fix Text (F-40450r1_fix)
Establish a usage restrictions policy for wireless access within the organization's boundaries/enclave/area of responsibility.