Free DISA STIG and SRG Library | Vaulted


Physical security controls must be implemented for SWLAN access points.

Finding ID
Rule ID
Cat II
Group Title
SWLAN physical security controls
Target Key

If an adversary is able to gain physical access to a SWLAN device, it may be able to compromise the device in a variety of ways, some of which could enable the adversary to obtain classified data. Physical security controls greatly mitigate this risk.

Fix Text

Implement required physical security controls for the SWLAN.

Check Content

Detailed Policy Requirements: The following physical security controls must be implemented for SWLAN access points: - Secure WLAN access points shall be physically secured, and methods shall exist to facilitate the detection of tampering. WLAN APs are part of a communications system and shall have controlled physical security, in accordance with DoDD 5200.08-R. SWLAN access points not within a location that provides limited access shall have controlled physical security with either fencing or inspection. - Either physical inventories or electronic inventories shall be conducted daily by viewing or polling the serial number or MAC address. Access points not stored in a COMSEC-approved security container shall be physically inventoried. Check Procedures: It is recommended the Traditional Reviewer assist with this check. Review the physical security controls of the SWLAN access points. - Verify site SWLAN access points are physically secured - -- Verify there is some method for alerting site security if the access point has been tampered with. - Determine if site SWLAN access points are in locations that provide limited access to only authorized personnel who are approved to access the access points. - Determine how the site conducts a daily physical inventory of SWLAN access points. Verify that required inventory methods are used, depending on if the access points are stored in a COMSEC container. - Mark as a finding if any requirement has not been met.


System Administrator

IA Controls