WLAN Book

Army Wireless LAN Policy

The US Army’s guidelines for deploying wireless LAN technologies are outlined in documents developed and distributed by the Army and other DoD organizations. Below is a list of documents related to using commercial wireless LAN technologies in unclassified networks.

DoDD 8100.2

Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG) – April 14, 2004. [source]

Section 4.1.2 says that data transmitted wirelessly must be secured using FIPS-validated encryption; it is a good summary of the entire document.

4.1.2 – Encryption of unclassified data for transmission to and from wireless devices is required. Exceptions may be granted on a case-by-case basis as determined by the Designated Approving Authority (DAA) for the wireless connections under their control. At a minimum, data encryption must be implemented end-to-end over an assured channel and shall be validated under the Cryptographic Module Validation Program as meeting requirements per Federal Information Processing Standards (FIPS) Publication (PUB) 140-2, Overall Level 1 or Level 2, as dictated by the sensitivity of the data (reference (g)).

DoDD 8100.2 Supplement

Use of Commercial Wireless Local-Area Network (WLAN) Devices, Systems, Technologies in the Department of Defense (DoD) Global Information Grid (GIG) – June 2, 2006. [source]

This document added guidance related to IEEE 802.11 wireless LAN technologies and security. Some argued that the document was too specific and that details such as specifying 802.11i for security should be contained in a Best Business Practice (BBP) and not in overarching directives. Others argued that such details were necessary to remove ambiguity that remained after the release of the April 14, 2004 directive. In addition to detailing the data-in-transit security requirements when deploying IEEE 802.11 networks, the document also stated that continuous 24/7 wireless intrusion detection was required for wired and wireless networks.

AR 25-2 Information Assurance

Sections 4.29 and 4.30 contain guidance regarding portable electronic devices (PEDs) and wireless technologies – revision October 24, 2007. [source]

4–29. Portable electronic devices
Portable electronic devices (PEDs) are portable ISs or devices with or without the capability of wireless or LAN connectivity. These include, but are not limited to, cell phones, pagers, personal digital assistants (PDAs) (for example, Palm Pilots, Pocket PCs), laptops, memory sticks, thumb drives, and two-way radios. Current technologies (infrared, radio frequency, voice, video, microwave) allow the inclusion of numerous capabilities within a single device and dramatically increases the risks associated with IS and network access.

4–30. Wireless local area networks
Wireless LANs are extensions of wired networks and will implement IA policies and procedures in accordance with this and other applicable regulations. Non-compliant wireless LANs will have migration plans documented in POA&Ms, that ensure the systems will meet the minimum requirements of this policy. The DAA will consider the POA&M in the authorization decision. All Army organizations and activities operating wireless local area networks (WLANs) will comply with the following and as supplemented in BBPs.

Wireless Security Standards v1.26

Wireless Best Business Practices (BBP) – updated August 11, 2006. [source]

This document establishes best practice standards for the deployment and use of local wireless network technologies for the Department of the Army. It intends to protect Army resources and data from security threats, improve incident response for wireless issues, and mitigate interference among wireless technologies. Wireless network devices offer a simple, convenient, and inexpensive solution to extend local area network (LAN) accessibility by reducing the requirements of physical infrastructure. Wireless networking removes the encumbrance of wire connections on portable devices, and can also enable laptop and handheld users the ability to travel beyond traditional network boundaries (e.g. between buildings) without losing network connectivity. This flexibility however, introduces several unique vulnerabilities in addition to the inherent risks associated with any wired network.

Since wireless signals are radio transmissions, they can be intercepted by suitable radio receiving devices, jammed intentionally by other devices, sometimes even devices operating outside the intended service area. If data transmissions are not encrypted or are inadequately encrypted, the intercepted data can be read and understood in a matter of seconds.

“Road Warrior” Laptop Security v1.0

Issued February 17, 2006

Laptops, portable notebooks, tablet-PCs, and similar systems, referred to as mobile computing devices (MCD), pose unique security challenges. Users of these information systems (IS) are tasked with the physical security of these mobile devices while administrators must protect the IS from compromise when used as a standalone system or when remotely connected.

These systems shall be configured to provide host-based security as the primary defensive measure. Combined with the capability to connect securely from trusted or untrusted sources, the IS must protect the networks during remote user access and permit adequate configuration and security management balanced with user functionality. Technology exists to provide host-based IS protections coupled with the capability to remotely access Army internal resources through protected and securable connectivity.

Army Information Assurance Approved Products List (AIAAPL)

Approved products related to information assurance (firewalls, VPNs, IDS, WIDS, encryption gateways, etc.) are listed in this document. The document is not available for public download.
