Free DISA STIG and SRG Library | Vaulted

V-36593

If Commercial Mobile Devices (CMD) (smartphones or tablets) are used as clients in the campus WLAN system, DoD CIO Memorandum, Use of Commercial Mobile Device (CMD) in the Department of Defense (DoD) must be followed.

Finding ID
WIR-CWLAN-04
Rule ID
SV-48095r1_rule
Severity
Cat II
CCE
(None)
Group Title
Follow DoD CMD policy for campus WLAN clients
CCI
(None)
Target Key
(None)
Documentable
No
Discussion

DoD CIO Memorandum, “Use of Commercial Mobile Device (CMD) in the Department of Defense (DoD)”, 6 Apr 2011, requires specific security controls be implemented in the DoD because these technologies “adds a new element of risk to DoD information”. Classified DoD networks and/or data could be exposed if required controls are not implemented for CMDs that operate as components of a campus WLAN system that is based on the CSfC Campus IEEE 802.11 Wireless Local Area Network (WLAN) Capability Package.

Fix Text

Implement key requirements of the DoD CIO Memorandum, “Use of Commercial Mobile Device (CMD) in the Department of Defense (DoD).

Check Content

Interview the IAM and/or the IAO. Determine if CMDs are used as components of the campus WLAN system that is based on the CSfC Campus IEEE 802.11 Wireless Local Area Network (WLAN) Capability Package. If yes, verify the following key requirements in the DoD CIO memo have been implemented: -The CMDs are managed and controlled by an enterprise management system (Mobile Device Management (MDM) server). -Software and applications must be installed from an approved source (e.g., DoD application store). If CMDs are used as components of the campus WLAN system that is based on the Campus IEEE 802.11 Wireless Local Area Network (WLAN) Capability Package and requirements of the DoD CIO memo are not implemented, this is a finding.

Responsibility

Information Assurance Officer

IA Controls

ECWN-1