Users must receive training on required topics before they are authorized to access a DoD network via a wireless remote access device.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-25034	WIR-WRA-001	SV-30836r4_rule	PRTN-1	Low

Description
Improper use of wireless remote access to a DoD network can compromise both the wireless client and the network, as well as, expose DoD data to unauthorized people. Without adequate training remote access users are more likely to engage in behaviors that make DoD networks and information more vulnerable to security exploits.

STIG	Date
Wireless Remote Access Policy Security Implementation Guide	2013-03-12

Details

Check Text ( C-31258r7_chk )
Detailed Policy Requirements: The IAO and the site wireless device administrator must ensure all wireless remote access users receive training on the following topics before they are authorized to access a DoD network via a wireless remote access device: - Maintaining physical control of the device. - Reducing exposure of sensitive data. - User authentication and content encryption requirements. - Enabling wireless interfaces only when needed. - Enable VPN connection to the DoD network immediately after establishing a wireless connection (using an approved VPN client). - All Internet browsing will be done via the VPN connection to the DoD network. - No split tunneling of VPN. - Locations where wireless remote access is authorized or not authorized (i.e., home, airport, hotel, etc.). - Wireless client configuration requirements. - Use of WPA2 Personal (AES) on home WLAN. - Home WLAN password and SSID requirements - Discontinue the use of devices suspected of being tampered with and notify the site IAO. Check Procedures: Review site wireless device and/or IA awareness training material to verify it contains the required content. Note: Some training content may be listed in the User Agreement signed by the user. Verify site training records show authorized wireless remote access users received required training and training occurred before the users were issued a device. Check training records for approximately five users, picked at random. Mark as a finding if wireless remote access users have not received required training.

Check Text ( C-31258r7_chk )

Detailed Policy Requirements:
The IAO and the site wireless device administrator must ensure all wireless remote access users receive training on the following topics before they are authorized to access a DoD network via a wireless remote access device:

- Maintaining physical control of the device.
- Reducing exposure of sensitive data.

- User authentication and content encryption requirements.
- Enabling wireless interfaces only when needed.
- Enable VPN connection to the DoD network immediately after establishing a wireless connection (using an approved VPN client).
- All Internet browsing will be done via the VPN connection to the DoD network.
- No split tunneling of VPN.
- Locations where wireless remote access is authorized or not authorized (i.e., home, airport, hotel, etc.).
- Wireless client configuration requirements.
- Use of WPA2 Personal (AES) on home WLAN.
- Home WLAN password and SSID requirements - Discontinue the use of devices suspected of being tampered with and notify the site IAO.

Check Procedures:
Review site wireless device and/or IA awareness training material to verify it contains the required content.

Note: Some training content may be listed in the User Agreement signed by the user.

Verify site training records show authorized wireless remote access users received required training and training occurred before the users were issued a device. Check training records for approximately five users, picked at random.

Mark as a finding if wireless remote access users have not received required training.

Fix Text (F-27724r2_fix)
Complete required training.