The site physical security policy must include a statement if CMDs with digital cameras (still and video) are permitted or prohibited on or in the DoD facility.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-25036	WIR-WRA-003	SV-30838r3_rule	ECWN-1	Low

Description
Wireless client, networks, and data could be compromised if unapproved wireless remote access is used. In most cases, unapproved devices are not managed and configured as required by the appropriate STIG and the site’s overall network security controls are not configured to provide adequate security for unapproved devices. When listed in the SSP, the site has shown that security controls have been designed to account for the wireless devices.

Description

Wireless client, networks, and data could be compromised if unapproved wireless remote access is used. In most cases, unapproved devices are not managed and configured as required by the appropriate STIG and the site’s overall network security controls are not configured to provide adequate security for unapproved devices. When listed in the SSP, the site has shown that security controls have been designed to account for the wireless devices.

STIG	Date
Wireless Remote Access Policy Security Implementation Guide	2013-03-12

Details

Check Text ( C-31260r4_chk )
This requirement applies to mobile operating system (OS) CMDs. Work with traditional reviewer to review site’s physical security policy. Verify the site addresses CMDs with embedded cameras. Mark this as a finding if there is no written physical security policy outlining whether CMDs with cameras (still and video) are permitted or prohibited on or in the DoD facility.

Fix Text (F-27726r5_fix)
Publish a site physical security policy that includes a statement if CMDs with cameras (still and video) are permitted or prohibited on or in the DoD facility.