{
"stig": {
"date": "2014-03-18",
"description": "This STIG contains the technical security controls for the operation of a RFID Workstation in the DoD environment.",
"findings": {
"V-14034": {
"checkid": "C-11509r1_chk",
"checktext": "Detail Policy Requirements:\nIf a wireless connection (e.g. WLAN, Bluetooth) is used between the RFID scanner and RFID workstation, the following requirements must be followed:\n\n- If WLAN is used for the wireless connection, assign \u201cWLAN Client\u201d asset posture in VMS to the workstation (or PDA) asset and complete WLAN checks assigned to the workstation (or PDA).\n\n- If Bluetooth or some other wireless technology is used for the wireless connection, assign \u201cBluetooth\u201d asset posture in VMS to the workstation (or PDA) asset and complete Bluetooth checks assigned to the workstation(or PDA).\n\nCheck Procedures:\nVerify that the appropriate VMS wireless posture has been assigned to the RFID workstation (or PDA) asset and the appropriate checks have been completed. Mark as a finding if the requirement has not been met.",
"description": "Sensitive data stored on the RFID scanner and transmitted to the workstation could be compromised.",
"fixid": "F-13509r1_fix",
"fixtext": "Comply with the security requirements associated with the technology enabling wireless communication between the RFID scanner and RFID computing infrastructure.",
"iacontrols": [
"ECWN-1"
],
"id": "V-14034",
"ruleID": "SV-14645r1_rule",
"severity": "low",
"title": "If a wireless connection (e.g. WLAN, Bluetooth) is used between the RFID scanner and RFID workstation, security requirements must be followed.",
"version": "WIR0500"
},
"V-18625": {
"checkid": "C-22309r1_chk",
"checktext": "NOTE: This check applies to any handheld mobile device (PDA, non-email Windows Mobile or Palm OS PDA, iPod, bar code scanner, RFID scanner, cell phone, etc.) that is connected to a DoD Windows PC for the purpose of provisioning or transferring data between the PC and mobile device. This check does not apply to BlackBerrys, Windows Mobile smartphones used for email, and SME PEDs. Requirements for these devices are found in the appropriate STIG for the device. \n\nThese requirements do not apply to:\n-PDAs that are never connected to Windows PCs.\n-PDAs connected to stand-alone DoD Windows computers that are not connected to a DoD network.\n-PCMCIA cards with flash memory used to store user data. For example, many new broadband wireless modems have this capability. (NOTE: encryption of data stored on the flash memory may be required by Assistant Secretary of Defense for Networks and Information Integration/DoD Chief Information Officer Memorandum, \u201cEncryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage,\u201d July 3, 2007.)\n-PCMCIA cards with non-user addressable ROM flash memory.\n\nDetailed Policy Requirements: \n\nPDAs and smartphones will not be connected to DoD Windows computers via a USB connection unless the following conditions are met:\n\n- The DoD Windows computer utilizes the DoD Host Based Security System (HBSS) with the Device Control Module (DCM). Configuration requirements are found in CTO 10-004A.\n\n-Autorun is disabled on the Windows PC.\n\nCheck Procedures:\n\nInterview the IAO and smartphone administrator. \n\nCheck the following on sample (use 3-4 devices as a random sample) PCs and smartphones:\n\n- Verify the site has implemented HBSS with DCM on computers used to connect BlackBerrys. 
Have the Windows reviewer assist in determining that HBSS with DCM is installed (usually verified during a Windows Workstation review).\n\n- Verify Autorun is disabled (usually verified during a Windows Workstation review). \n",
"description": "PDAs with flash memory can introduce malware to a PC when they are connected for provisioning of the PDA or to transfer data between the PC and PDA, particularly if the PDA is seen by the PC as a mass storage device and autorun in enabled. ",
"fixid": "F-28611r1_fix",
"fixtext": "Windows PCs used to connect to smartphones will be configured so they are compliant with requirements. ",
"iacontrols": [
"ECWN-1"
],
"id": "V-18625",
"ruleID": "SV-31702r1_rule",
"severity": "medium",
"title": "PDA and Smartphones that are connected to DoD Windows computers via a USB connection must be compliant with requirements.",
"version": "WIR-MOS-PDA-032"
}
},
"profiles": {
"MAC-1_Classified": {
"description": "",
"findings": {
"V-14034": "true",
"V-18625": "true"
},
"id": "MAC-1_Classified",
"title": "I - Mission Critial Classified"
},
"MAC-1_Public": {
"description": "",
"findings": {
"V-18625": "true"
},
"id": "MAC-1_Public",
"title": "I - Mission Critial Public"
},
"MAC-1_Sensitive": {
"description": "",
"findings": {
"V-14034": "true",
"V-18625": "true"
},
"id": "MAC-1_Sensitive",
"title": "I - Mission Critial Sensitive"
},
"MAC-2_Classified": {
"description": "",
"findings": {
"V-14034": "true",
"V-18625": "true"
},
"id": "MAC-2_Classified",
"title": "II - Mission Support Classified"
},
"MAC-2_Public": {
"description": "",
"findings": {
"V-18625": "true"
},
"id": "MAC-2_Public",
"title": "II - Mission Support Public"
},
"MAC-2_Sensitive": {
"description": "",
"findings": {
"V-14034": "true",
"V-18625": "true"
},
"id": "MAC-2_Sensitive",
"title": "II - Mission Support Sensitive"
},
"MAC-3_Classified": {
"description": "",
"findings": {
"V-14034": "true",
"V-18625": "true"
},
"id": "MAC-3_Classified",
"title": "III - Administrative Classified"
},
"MAC-3_Public": {
"description": "",
"findings": {
"V-18625": "true"
},
"id": "MAC-3_Public",
"title": "III - Administrative Public"
},
"MAC-3_Sensitive": {
"description": "",
"findings": {
"V-14034": "true",
"V-18625": "true"
},
"id": "MAC-3_Sensitive",
"title": "III - Administrative Sensitive"
}
},
"slug": "rfid_workstation",
"title": "RFID Workstation Security Technical Implementation Guide (STIG)",
"version": "6"
}
}