Free DISA STIG and SRG Library | Vaulted

V-3512

NSA Type1 products and required procedures must be used to protect classified data at rest (DAR) on wireless devices used on a classified WLAN or WMAN.

Finding ID
WIR0235
Rule ID
SV-3512r1_rule
Severity
Cat I
CCE
(None)
Group Title
Classified wireless Type 1 DAR encryption
CCI
(None)
Target Key
(None)
Documentable
No
Discussion

NSA Type 1 products provide a high level of assurance that cryptography is implemented correctly and meets the standards for storage of classified information. Use of cryptography that is not Type 1 certified violates policy and increases the risk that classified data will be compromised.

Fix Text

Immediately discontinue use of the non-compliant device.

Check Content

Detailed Policy requirements: Type 1 products and required procedures must be used to protect classified data-at-rest on wireless computers that are used on a classified WLAN or WMAN. If NSA Type1 certified DAR encryption is not available, the following requirements apply: - The storage media shall be physically removed from the computer and stored within a COMSEC-approved security container when the computer is not being used. - The entire computer shall be placed within a COMSEC-approved security container, if the computer has embedded storage media that cannot be removed. Check Procedures: Interview the IAO to determine if devices with wireless functionality (e.g., laptops or PDAs with embedded radios) are used to store classified data. If yes, verify the device is an NSA Type 1 certified product. Mark as a finding if a Type 1 product is not used, or if the storage media or device is not stored in a COMSEC-approved security container when not in use.

Responsibility

Information Assurance Officer

IA Controls

ECWN-1