USDA covers its bases with a detailed plan
Rules put strict requirements on Bluetooth, infrared, encryption and APs
- By Brad Grimes, Jason Miller
- Jun 16, 2006
The Agriculture Department's wireless policy, updated in April through a series of departmental notices, comprises everything from architectural requirements to acquisition guidance.
Unlike the Defense Department's most recent wireless memorandum, USDA's policy covers technologies such as Bluetooth and infrared communications, which the department tightly restricts, requiring that Bluetooth and infrared be used only between government-owned devices or within secure government facilities.
These technologies also can only be used with strict security measures turned on, including Encryption Mode 3, use of temporary personal identification numbers
It's a very detailed policy.
'We have 3,000 county offices where they use wireless devices, and we have to make sure we have a policy that takes care of all our concerns from a security perspective,' said Robert Suda, USDA's associate CIO.
For instance, if an employee teleworks and uses a wireless LAN at home, a department representative must inspect the employee's home to ensure the use of Secure Sockets Layer protocol, virtual private networking or the IEEE 802.11i wireless security standard with AES encryption.
Within USDA, the policy requires the use of 802.11i. Approved two years ago, the standard can be a hurdle for agencies that deployed pre-802.11i networks, because the accompanying encryption algorithms often require hardware upgrades.
USDA offices must also deploy 802.11i wireless equipment certified by the National Institute of Standards and Technology to conform to Federal Information Processing Standards 140-2. As in the recent DOD wireless policy, FIPS-140-1 cryptographic modules are not acceptable.
Offices that deployed wireless networks before 802.11i came out have a year from April to upgrade, and they're not allowed to connect their noncompliant networks to any other USDA network without a waiver.
Aside from 802.11i requirements, USDA has taken many of the same steps as DOD, requiring wireless intrusion detection devices and firewalls along the wireless network. But unlike DOD, USDA is particularly concerned with access point configuration.
The department requires X.509 certificates in all devices to authenticate actual access points. USDA also requires that all APs be registered with the department and maintain logs of unauthorized access attempts for 30 days. In addition, the policy said, 'APs will be located on interior walls of buildings.'
Agriculture is one of only a handful of agencies with a mature wireless policy.