Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

sc-40

wireless link protection

assessment objective:

Determine if:

sc-40[1]

the organization defines:

sc-40[1][a]

internal wireless links to be protected  from particular types of signal parameter attacks;

sc-40[1][b]

external wireless links to be protected  from particular types of signal parameter attacks;

sc-40[2]

the organization defines types of signal parameter attacks or references to sources for such attacks that are based upon exploiting the signal parameters of organization-defined internal and external wireless links; and

sc-40[3]

the information system protects internal and external organization-defined wireless links from organization-defined types of signal parameter attacks or references to sources for such attacks.

potential assessment methods and objects:

Examine: [SELECT FROM: System and communications protection policy; access control policy and procedures; procedures addressing wireless link protection; information system design documentation; wireless network diagrams; information system configuration settings and associated documentation; information system architecture; list or internal and external wireless links; list of signal parameter attacks or references to sources for attacks; information system audit records; other relevant documents or records].

Interview: [select from: System/network administrators; organizational personnel with information security responsibilities; system developer; organizational personnel installing, configuring, and/or maintaining the information system; organizational personnel authorizing, installing, configuring and/or maintaining internal and external wireless links].

Test: [select from: Automated mechanisms supporting and/or implementing protection of wireless links].