Navy Wireless LAN Policy

Like Army’s Wireless LAN Policy, Navy’s guidelines for deploying wireless LAN technologies are outlined in documents developed and distributed by the Department of the Navy (DON) and other DoD organizations. Below is a list of documents related to using commercial wireless LAN technologies in unclassified networks.

SECNAV Instruction 5239.3A

5239.3A, released in December 2004 by the DON CIO, is Department of the Navy Information Assurance Policy. The document establishes Information Assurance (IA) policy for the
Department of the Navy (DON) consistent with National and Department of Defense (DoD) policies. The policy applies to “All Ships and Stations” and doesn’t have any specifics about WLANs or wireless security. The specifics regarding wireless are covered in guidelines below. [source]

SECNAV Instruction 2075.1

DON Use of Commercial Wireless Local Area Network (WLAN) Devices, Services, and Technologies, released November 2006. [source]

This policy provides guidance to secure components of the network that directly pertain to the wireless architecture. It delineates requirements for FIPS-140 Certification and Accreditation as well as Layer 2 Authentication and Encryption.

DON Guidance on Wireless Local Area Network Implementation of the 802.11i Standard, released January 2008. [source]

A. All new WLAN acquisitions must specify the 802.11i addendum.

B. Existing non-compliant WLAN solutions must ensure migration toward compliance with the 802.11i addendum. Migration plans shall be submitted to the Department of the Navy Chief Information Officer (DON CIO) within 90 days.

C. All solutions will continue to be certified and accredited by the appropriate designated approval authority (DAA) prior to implementation.

DoDD 8100.2

Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG) – April 14, 2004. [source]

Section 4.1.2 says if data is transmitted wirelessly it must be secured using FIPS validated encryption, and is a good summary of the entire document.

4.1.2 – Encryption of unclassified data for transmission to and from wireless devices is required. Exceptions may be granted on a case-by-case basis as determined by the Designated Approving Authority (DAA) for the wireless connections under their control. At a minimum, data encryption must be implemented end-to-end over an assured channel and shall be validated under the Cryptographic Module Validation Program as meeting requirements per Federal Information Processing Standards (FIPS) Publication (PUB) 140-2, Overall Level 1 or Level 2, as dictated by the sensitivity of the data (reference (g)).

DoDD 8100.2 Supplement

Use of Commercial Wireless Local-Area Network (WLAN) Devices, Systems, Technologies in the Department of Defense (DoD) Global Information Grid (GIG) -June 2, 2006. [source]

This document added additional guidance related IEEE 802.11 wireless LAN technologies and security. Some argued that the document was too specific and details such as specifying 802.11i for security should be contained in Best Business Practice (BBP) and not overarching directives. Others argued that such details were necessary to remove ambiguity that remained after the release of the April 14, 2004 directive. In addition to detailing the data-in-transit security requirements when deploying IEEE 802.11 networks, the document also stated that continuous 24/7 wireless intrusion detection was required for wired and wireless networks.

Related Posts:

• DoD Commercial WLAN Technologies Instruction 8420.01
  DoD Commercial WLAN Technologies Instruction 8420.01 The US Department of Defense (DOD) released a commercial wireless local area network (WLAN) devices, systems, and technologies...
• BridgeChecker v1.2 Available for Download
  BridgeChecker v1.2 Available for Download BridgeChecker v1.2 and previous versions are available for download from the BridgeChecker Download page. BridgeChecker User Guide This version...

If you liked this post, subscribe using below

WLAN Book RSS Feed

WLAN Book by Email

.

Filed under: WLAN Policy