UCF STIG Viewer Logo

WLAN components must be FIPS 140-2 or FIPS 140-3 certified.


Finding ID Version Rule ID IA Controls Severity
V-243210 WLAN-NW-000600 SV-243210r720085_rule Medium
If the DoD WLAN components (WLAN AP, controller, or client) are not NIST FIPS 140-2/FIPS 140-3 (Cryptographic Module Validation Program, CMVP) certified, the WLAN system may not adequately protect sensitive unclassified DoD data from compromise during transmission.
Network WLAN AP-IG Platform Security Technical Implementation Guide 2022-02-03


Check Text ( C-46485r720083_chk )
Review the WLAN equipment specification and verify it is FIPS 140-2/3 (CMVP) certified for data in transit, including authentication credentials.

If the WLAN equipment is not is FIPS 140-2/3 (CMVP) certified, this is a finding.
Fix Text (F-46442r720084_fix)
Use WLAN equipment that is FIPS 140-2/3 (CMVP) certified.