The network element must protect wireless access to the system using Federal Information Processing Standard (FIPS)-validated Advanced Encryption Standard (AES) block cipher algorithms with an approved confidentiality mode.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-266560 | ARBA-NT-000130 | SV-266560r1040170_rule | CCI-001444 | medium |

Description

Allowing devices and users to connect to the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Because wireless communications can be intercepted, encryption must be used to protect the confidentiality of information in transit. Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., Extensible Authentication Protocol (EAP)/Transport Layer Security (TLS) and Protected EAP [PEAP]), which provide credential protection and mutual authentication. This requirement applies to operating systems that control wireless devices.

A block cipher mode of operation is an algorithm that uses a symmetric-key block cipher to provide an information service, such as confidentiality or authentication. AES is the FIPS-validated block cipher approved for use in the DOD. For an algorithm implementation to be listed on a FIPS 140-2/140-3 cryptographic module validation certificate as an approved security function, the implementation must meet all the requirements of FIPS 140-2/140-3 and must successfully complete the cryptographic algorithm validation process (NIST's Cryptographic Algorithm Validation Program, CAVP).

Currently, the National Institute of Standards and Technology (NIST) has approved the following confidentiality modes for use with AES: ECB, CBC, OFB, CFB, CTR, XTS-AES, FF1, FF3, CCM, GCM, KW, KWP, and TKW. Approval is not a recommendation: ECB maps equal plaintext blocks to equal ciphertext blocks and so leaks data patterns, whereas CCM and GCM are authenticated modes that also protect integrity and are the modes 802.11 itself uses for data frames (CCMP and GCMP).

Satisfies: SRG-NET-000070, SRG-NET-000151

| STIG | Date |
|---|---|
| HPE Aruba Networking AOS Wireless Security Technical Implementation Guide | 2024-10-29 |
Details
Check Text (C-266560r1040170_chk)
Verify the AOS configuration with the following commands:
show fips
show ap system-profile
The first command shows whether FIPS mode is enabled globally; the second lists the configured AP system profiles. For each profile listed, check its FIPS setting:
show ap system-profile <profile-name> | include FIPS
If FIPS mode is not enabled globally (show fips), or is not enabled in any configured AP system profile, this is a finding.
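A compliance check for the three commands above, as an added example that is not part of the STIG and not HPE Aruba's own code: a Python script that evaluates captured command output against the finding rule (global FIPS off, or any AP system profile without FIPS, is a finding). The `show fips` and `show ap system-profile` output in the block is constructed sample text, since the STIG does not reproduce the real formatting; the parser relies only on a line containing the word FIPS that ends in Yes/No or Enabled/Disabled, and on the profile listing having a Name column that ends at a Total line, so adapt those two assumptions to real captures.

```python
from typing import Dict, List, Optional

# Constructed sample output (assumed formatting; real AOS output may differ).
SHOW_FIPS_OUTPUT = """FIPS Settings:
--------------
FIPS Mode   Disabled
"""

# Constructed sample output of "show ap system-profile" with no arguments.
SHOW_AP_SYSTEM_PROFILE_LIST = """AP system profile List
----------------------
Name         References  Profile Status
----         ----------  --------------
default      3
corp-fips    1
guest-ap     0
Total:3
"""

# Constructed per-profile output of "show ap system-profile <name> | include FIPS".
# An empty string models a profile whose output contains no FIPS line at all.
PROFILE_FIPS_OUTPUT: Dict[str, str] = {
    "default": "FIPS enable                      No\n",
    "corp-fips": "FIPS enable                      Yes\n",
    "guest-ap": "",
}

ENABLED_WORDS = {"yes", "enabled", "on", "true"}
DISABLED_WORDS = {"no", "disabled", "off", "false"}


def fips_state(text: str) -> Optional[bool]:
    """True if a FIPS line ends in an enabled word, False if in a disabled
    word, None if no FIPS line with a recognisable value is present."""
    for line in text.splitlines():
        if "fips" not in line.lower():
            continue
        tokens = line.split()
        if not tokens:
            continue
        last = tokens[-1].lower()
        if last in ENABLED_WORDS:
            return True
        if last in DISABLED_WORDS:
            return False
    return None


def parse_profile_names(listing: str) -> List[str]:
    """Collect the first column of the profile table: rows after the 'Name'
    header, skipping dashed separators, stopping at the 'Total' line."""
    names: List[str] = []
    in_table = False
    for line in listing.splitlines():
        s = line.strip()
        if not in_table:
            in_table = s.startswith("Name")
            continue
        if not s or s.startswith("----"):
            continue
        if s.startswith("Total"):
            break
        names.append(s.split()[0])
    return names


def evaluate(show_fips: str, listing: str, per_profile: Dict[str, str]) -> Dict[str, object]:
    """Apply the STIG rule: a finding unless FIPS is enabled globally and in
    every configured AP system profile. A profile with no FIPS line, or one
    missing from the capture, is treated as not enabled (fail closed)."""
    global_fips = fips_state(show_fips) is True
    profiles = parse_profile_names(listing)
    without_fips = [p for p in profiles if fips_state(per_profile.get(p, "")) is not True]
    return {
        "global_fips": global_fips,
        "profiles": profiles,
        "profiles_without_fips": without_fips,
        "finding": (not global_fips) or bool(without_fips),
    }


def report(result: Dict[str, object]) -> str:
    """Render the evaluation as a short text report."""
    lines = [f"Global FIPS mode enabled: {result['global_fips']}"]
    for p in result["profiles"]:  # type: ignore[union-attr]
        state = "not enabled" if p in result["profiles_without_fips"] else "enabled"  # type: ignore[operator]
        lines.append(f"  ap system-profile {p}: FIPS {state}")
    lines.append("RESULT: FINDING" if result["finding"] else "RESULT: compliant")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(evaluate(SHOW_FIPS_OUTPUT, SHOW_AP_SYSTEM_PROFILE_LIST, PROFILE_FIPS_OUTPUT)))
```

On the constructed sample the script reports a finding on two counts: FIPS mode is disabled globally, and the `default` and `guest-ap` profiles do not have it enabled. Treating a missing FIPS line as non-compliant is deliberate; a capture that omits the setting should never pass the check silently.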
Fix Text (F-70387r1040169_fix)
Configure AOS with the following commands. FIPS must be enabled both in every AP system profile and globally:
configure terminal
For each ap system-profile, run the following commands:
ap system-profile <profile-name>
fips-enable
exit
Then enable FIPS mode globally, save the configuration, and reboot:
fips enable
write memory
reload
The reload is service-affecting, so schedule it in a maintenance window, and run write memory before it so the change persists across the reboot.