Information Assurance - Unauthorized Wireless Devices - Portable Electronic Devices (PEDs) Used in Classified Processing Areas without Certified TEMPEST Technical Authority (CTTA) Review and Designated Accrediting Authority (DAA) Approval

From Traditional Security

Part of Information Assurance - Unauthorized Wireless Devices - Classified Areas

Associated with IA controls: ECWN-1

SV-41275r2_rule Information Assurance - Unauthorized Wireless Devices - Portable Electronic Devices (PEDs) Used in Classified Processing Areas without Certified TEMPEST Technical Authority (CTTA) Review and Designated Accrediting Authority (DAA) Approval

Vulnerability discussion

Allowing wireless devices in the vicinity of classified processing or discussion could directly result inthe loss or compromise of classified or sensitive information either intentionally or accidentally.

Check content

1. Check to ensure that unauthorized wireless devices (PEDs such as cell phones, blackberrys, laptops, etc.) are not being used in areas where classified systems or machines (SIPRNet) are in use. 2. If PED usage in classified processing areas is permitted by the site, check to ensure there is specific written DAA approval and that a CTTA has assessed the environment and that any resulting recommended TEMPEST countermeasures have been implemented. TACTICAL ENVIRONMENT: The check is applicable for ALL classified processing environments.

Fix text

1. Unauthorized wireless devices (PEDs such as cell phones, blackberrys, laptops, etc.) must not be permitted for use in areas where classified systems or machines (SIPRNet) are in use. 2. If PED usage in classified processing areas is permitted, there must be specific written DAA approval and a CTTA assessment of the environment and any resulting recommended TEMPEST countermeasures must be implemented.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer