STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:

Information Assurance - Unauthorized Wireless Devices - Portable Electronic Devices (PEDs) Used in Classified Processing Areas without Certified TEMPEST Technical Authority (CTTA) Review and Authorizing Official (AO) Approval.

DISA Rule

SV-41275r3_rule

Vulnerability Number

V-31128

Group Title

Information Assurance - Unauthorized Wireless Devices - Classified Areas

Rule Version

IA-11.02.01

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

1. Unauthorized wireless devices (PEDs such as cell phones, Black Berrys, laptops, etc.) must not be permitted for use in areas where classified systems or machines (SIPRNet) are in use.

2. If PED usage in classified processing areas is permitted, there must be specific written AO (formerly DAA) approval and a CTTA assessment of the environment and any resulting recommended TEMPEST countermeasures must be implemented.

Check Contents

1. Check to ensure that unauthorized wireless devices (PEDs such as cell phones, Black Berrys, laptops, etc.) are not being used in areas where classified systems or machines (SIPRNet) are in use.

2. If PED usage in classified processing areas is permitted by the site, check to ensure there is specific written AO (formerly DAA) approval and that a CTTA has assessed the environment and that any resulting recommended TEMPEST countermeasures have been implemented.

TACTICAL ENVIRONMENT: The check is applicable for ALL classified processing environments.

Vulnerability Number

V-31128

Documentable

False

Rule Version

IA-11.02.01

Mitigations

Information Assurance

Severity Override Guidance

1. Check to ensure that unauthorized wireless devices (PEDs such as cell phones, Black Berrys, laptops, etc.) are not being used in areas where classified systems or machines (SIPRNet) are in use.

2. If PED usage in classified processing areas is permitted by the site, check to ensure there is specific written AO (formerly DAA) approval and that a CTTA has assessed the environment and that any resulting recommended TEMPEST countermeasures have been implemented.

TACTICAL ENVIRONMENT: The check is applicable for ALL classified processing environments.

Check Content Reference

M

Mitigation Control

Official PDA/Blackberries must be allowed to sync. Recommend they only be powered up for
syncing and the classified system not be running during that time.
Devices may be allowed if they are powered off while in the facility, employees are initially briefed and periodically reminded of the policy and there is strict enforcement of not using wireless devices in classified processing areas.

Target Key

2506

Comments