Mobile Policy Security Technical Implementation Guide (STIG)

V2R4 2018-09-07       U_Mobile_Policy_STIG_V2R4_Manual-xccdf.xml
V2R2 2013-03-12       U_Mobility_Policy_V2R2_manual_xccdf.xml
This STIG provides policy, training, and operating procedure security controls for the use of mobile devices and systems in the DoD environment. This STIG applies to any mobile operating system device used to store, process, transmit, or receive DoD information. Comments or proposed revisions to this document should be sent via email to the following address: [email protected]
Comparison
All 1
No Change 0
Updated 0
Added 1
Removed 0
V-12106 Added
Findings ID: WIR0040 Rule ID: SV-12659r5_rule Severity: medium CCI: CCI-002327

Discussion

The operation of electronic equipment and emanations must be controlled in and around areas where sensitive information is kept or processed. Sites should post signs and train users to this requirement to mitigate this vulnerability.System Administrator

Checks

Detailed Policy Requirements: DoD Components may operate unclassified WLAN systems and WLAN-enabled PEDs in secure spaces when classified systems are turned off and RF transmitter separation is implemented in accordance with CNSS Advisory Memorandum TEMPEST/1-13, the Mobile Policy SRG, and the Network Policy and Mobility Policy STIGs. The ISSO will ensure unclassified wireless devices are not operated in areas where classified information is electronically stored, processed, or transmitted unless: - Approved by the AO. - The unclassified wireless equipment is separated from the classified data equipment at the minimum distance described in CNSS Advisory Memorandum TEMPEST/1-13. - Classified processing equipment is turned off. Review written policies, training material, or user agreements to see if wireless usage in these areas is addressed. Verify proper procedures for wireless device use in classified areas is addressed in training program. Review documentation. Work with the traditional security reviewer to verify the following: If classified information is not processed at this site, this is not a finding. If any of the following are found, this is a finding: - Unclassified wireless equipment is being operated in a Secure Space while classified equipment is turned on. - AO has not approved the use of unclassified wireless equipment in the Secure Space. - Users are not trained or made aware (using signage or user agreement) of procedures for wireless device usage in and around classified processing areas.

Fix

Central Computer and Telecommunication Agency (CTTA) must designate a separation distance in writing. AO must coordinate with the CTTA. Train users or get a signed user agreement on procedures for wireless device usage in and around classified processing areas.