Security Controls Over the FDIC’s Wireless Networks
Report Information
Unimplemented Recommendations
Ensure that wireless security weaknesses are consistently documented in POA&Ms and updated accordingly.
Develop and implement a policy to review, approve, and centrally manage the configuration settings of current and future Wi-Fi enabled devices in FDIC facilities, before set-up and subsequent updates.
Conduct a review of FDIC wireless devices and identify those that should not be broadcasting inside and leaking outside the buildings and take appropriate mitigation measures.
Develop and implement a process to regularly examine FDIC wireless devices and their broadcast areas in order to determine appropriate mitigation measures.
Resolve incompatibilities between the third-party vendor’s scanning tool and FDIC wireless infrastructure components, or conduct an analysis to identify viable alternatives for FDIC wireless infrastructure components and the associated level of effort and costs to enhance the vulnerability scanning process.
Develop, update, and implement wireless policies, procedures, and standards that reflect the FDIC’s current business practices and key aspects of wireless data communications, roles and responsibilities, and acceptable use agreements.