Assessment of NRC’s Wireless Devices
Report Information
Recommendations
Develop and implement a technical process for isolation verification of SLES from all other connected networks, and provide refresher training to SLES security administrators on organizational responsibility for system configuration and management of SLES security controls for network isolation.
Provide refresher training for SLES security and system administrators on separation of duties.
Evaluate, select, and implement an automated audit log reduction and analysis system for SLES. This system should include both technology and process/procedure elements.
Evaluate, select, and implement an automated configuration control and baseline documentation system for SLES.
Implement improved technologies and procedures for detection and management of unauthorized network-disconnected wireless systems. These improvements should include selection and deployment of a wireless intrusion detection system, proactive management of detected wireless systems including wireless printers and audio-visual control systems, policy development and security awareness training for users and administrators related to personal area network devices, and refresher training about restrictions on wireless networking systems.