From Mobile Policy Security Requirements Guide
Part of SRG-MPOL-006
Associated with: CCI-001447
Wireless technologies include, but are not limited to, microwave, satellite, packet radio (UHF/VHF), Wi-Fi, and Bluetooth. Wireless networks present similar security risks to those of a wired network, and since the open airwaves are the communications medium for wireless technology, an entirely new set of risks are introduced. Implementing wireless computing and networking capabilities in accordance with the organization defined wireless policy, within organization-controlled boundaries, allowing only authorized and qualified personnel to configure wireless services, and conducting periodic scans for unauthorized wireless access points greatly reduces vulnerabilities.
Review the organization's access control and security policy, procedures addressing wireless implementation and usage (including restrictions), wireless scanning reports, and any other relevant documentation. The objective is to verify the organization has: (i) established a requirement for monitoring the wireless connection environment for unauthorized access, (ii) established a requirement of periodic scans to be conducted for unauthorized wireless access points, and (iii) established a time period at which these activities are to be conducted. If the organization has not defined the time period for monitoring or scanning, this is a finding.
Define the time period for monitoring of unauthorized wireless connections to information systems to include the time period for performing scans to identify unauthorized wireless access points.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer