Security Controls Over the FDIC’s Wireless Networks
Unimplemented Recommendations
Ensure that wireless security weaknesses are consistently documented in POA&Ms and updated accordingly.
Develop and implement a policy to review, approve, and centrally manage the configuration settings of current and future Wi-Fi enabled devices in FDIC facilities, before set-up and subsequent updates.
Conduct a review of FDIC wireless devices and identify those that should not be broadcasting inside and leaking outside the buildings and take appropriate mitigation measures.
Develop and implement a process to regularly examine FDIC wireless devices and their broadcast areas in order to determine appropriate mitigation measures.
Develop and provide training to appropriate personnel on the use of vendor hardening guidelines in conducting controls testing.
Develop and implement a process to regularly reconcile vulnerability scanning results to the inventory list of wireless infrastructure devices, so as to ensure that all devices are included in the FDIC’s vulnerability scans.
Resolve incompatibilities between the third-party vendor’s scanning tool and FDIC wireless infrastructure components, or conduct an analysis to identify viable alternatives for FDIC wireless infrastructure components and the associated level of effort and costs to enhance the vulnerability scanning process.
Develop, update, and implement wireless policies, procedures, and standards that reflect the FDIC’s current business practices and key aspects of wireless data communications, roles and responsibilities, and acceptable use agreements.