WLAN components must be FIPS 140-2 or FIPS 140-3 certified and configured to operate in FIPS mode.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-243210 | WLAN-NW-000600 | SV-243210r891317_rule | CCI-001967 | medium |
| Description | ||||
| If the DoD WLAN components (WLAN AP, controller, or client) are not NIST FIPS 140-2/FIPS 140-3 (Cryptographic Module Validation Program, CMVP) certified, the WLAN system may not adequately protect sensitive unclassified DoD data from compromise during transmission. | ||||
| STIG | Date | |||
| Network WLAN AP-IG Platform Security Technical Implementation Guide | 2023-02-13 | |||
Details
Check Text (C-243210r891317_chk)
Review the WLAN equipment specification and verify it is FIPS 140-2/3 (CMVP) certified for data in transit, including authentication credentials. Verify the component is configured to operate in FIPS mode.
If the WLAN equipment is not is FIPS 140-2/3 (CMVP) certified or is not configured to operate in FIPS mode, this is a finding.
Fix Text (F-46442r891316_fix)
Use WLAN equipment that is FIPS 140-2/3 (CMVP) certified. Configure the component to operate in FIPS mode.