Wireless Keyboard and Mouse Security Technical Implementation Guide (STIG)

  • Version/Release: V6R8
  • Published: 2014-03-18

This STIG contains the technical security controls for the operation of a Wireless Keyboard & Mouse in the DoD environment.
If a wireless keyboard or mouse is used with any site computers, then it must follow security requirements.
Medium - V-4639 - SV-4639r1_rule
  • RMF Control:
  • Severity: Medium
  • CCI:
  • Version: WIR0535
  • Vuln IDs: V-4639
  • Rule IDs: SV-4639r1_rule
The use of unauthorized wireless keyboards and mice can compromise DoD computers, networks, and data. The receiver for a wireless keyboard/mouse provides a wireless port on the computer that could be attacked by a hacker. Wireless keyboard transmissions can be intercepted by a hacker and easily viewed if required security is not used.

Responsibility: Information Assurance Officer
IA Controls: ECWN-1
Checks: C-4009r1_chk

Detailed Policy Requirements: If a wireless keyboard or mouse is used with any site workstations, the following requirements must be followed:

  • If WLAN is used for the wireless connection, assign “WLAN Client” asset posture in VMS to the workstation (or PDA) asset and complete WLAN checks assigned to the workstation (or PDA).
  • If Bluetooth or some other wireless technology is used for the wireless connection, assign “Bluetooth” asset posture in VMS to the workstation (or PDA) asset and complete Bluetooth checks assigned to the workstation (or PDA).

Check Procedures: Verify the appropriate VMS wireless posture has been assigned to the workstation asset and the appropriate checks have been completed. Mark as a finding if the requirements are not met.

NOTE: Currently, no wireless keyboards or mice meet these requirements. If the wireless mouse/keyboard is using a proprietary RF protocol (i.e., not Bluetooth or 802.11), then apply the Bluetooth checks.

Fix: F-19256r1_fix

Comply with requirement.

If infrared wireless mice and keyboards are used on classified or unclassified equipment and networks, the required conditions must be followed.
Medium - V-7073 - SV-7457r1_rule
  • RMF Control:
  • Severity: Medium
  • CCI:
  • Version: WIR0530
  • Vuln IDs: V-7073
  • Rule IDs: SV-7457r1_rule
Wireless mice and keyboard receivers are an open wireless port on a PC, which can be attacked by a hacker. In addition, wireless keyboard transmissions, if not secured, can be compromised when intercepted.

Responsibility: Information Assurance Officer
IA Controls: ECWN-1
Checks: C-4010r1_chk

Detailed Policy Requirements: If infrared wireless mice and keyboards are used on classified or unclassified equipment and networks, the following conditions must be followed:

  • The DAA, in consultation with the CTTA, has approved IR wireless mice and/or keyboards for use in the facility. (The CTTA should evaluate the TEMPEST risks of the system.)
  • When wireless mice and/or keyboards are used on classified equipment, the area is approved for processing classified information at the appropriate level.
  • The area is totally enclosed with walls, ceiling, and floor consisting of material opaque to IR. There are no windows unless each window is covered with a film approved for blocking IR. All doors will remain closed when the devices are in operation.
  • There is no mixing of classified and unclassified equipment using IR within the same enclosed area.
  • When IR is used with classified equipment in the same enclosed area as unclassified equipment with IR ports, the IR ports on the unclassified equipment are completely covered with metallic tape.
  • When IR is used with unclassified equipment in the same enclosed area as classified equipment with IR ports, the IR ports on the classified equipment are completely covered with metallic tape.

Check Procedures: Review documentation.

1. Verify the IR device is DAA approved and in compliance with CTTA separation requirements.
2. Visually and electronically survey the area to test if emanations from the IR device are transmitting beyond the allowed area as per CTTA (or ask for documentation showing that this testing has been done).
3. Verify the policy requirements listed in the policy above are in place and users are trained on the requirements by interviewing the SM or IAO.

Mark as a finding if any of these requirements are not met.

Fix: F-19294r1_fix

Comply with requirement.