The organization must maintain a list of all DAA-approved wireless and non-wireless devices under their control that store, process, or transmit DoD information.

From Mobile Policy Security Requirements Guide

Part of SRG-MPOL-029

Associated with: CCI-001441

SV-47263r1_rule The organization must maintain a list of all DAA-approved wireless and non-wireless devices under their control that store, process, or transmit DoD information.

Vulnerability discussion

Close tracking of authorized wireless devices will facilitate the search for rogue devices. Sites must maintain precise inventory control over wireless and handheld devices used to store, process, and transmit DoD data as these devices can be easily lost or stolen, leading to possible exposure of DoD data.

Check content

Review the site's wireless equipment list and verify all minimum data elements listed below are included in the equipment list. This check applies to any wireless end user device (e.g., CMD, Wi-Fi network interface card) and wireless network devices (e.g., access point, authentication server). The list of approved wireless devices will be stored in a secure location and will include the following at a minimum: For CMDs: - Manufacturer, model number, and serial number of wireless equipment. - Equipment location or who the device was issued to. - Assigned users with telephone numbers and email addresses. Verify all wireless devices used at the site, including infrared mice/keyboards, are included: - Access point Media Access Control (MAC) address (WLAN only). - Access point IP address (WLAN only). - Wireless client MAC address. - Network DHCP range (WLAN & WWAN only). - Type of encryption enabled. - Access point SSID (WLAN only). - Manufacturer, model number, and serial number of wireless equipment. - Equipment location - Assigned users with telephone numbers. Verify procedures are in place for ensuring the list is kept up to date. If the equipment list does not exist, all data elements are not tracked, or the list is outdated, this is a finding.

Fix text

Maintain a list of all DAA-approved WLAN devices under the organization's control. The list must be updated as devices are commissioned, and contain the data elements required.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer