Network WLAN Bridge Platform Security Technical Implementation Guide
Overview
| Version | Date | Finding Count (6) |
|---|---|---|
| 7 | 2023-02-13 | CAT I (High): 0, CAT II (Medium): 5, CAT III (Low): 1 |

| STIG Description |
|---|
| This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. |

Findings - MAC III - Administrative Classified
| Finding ID | Severity | Title | Description |
|---|---|---|---|
| V-243228 | | WLAN components must be Wi-Fi Alliance certified with WPA2 or WPA3. | Wi-Fi Alliance certification ensures compliance with DoD interoperability requirements between various WLAN products.... |
| V-243229 | | WLAN components must be FIPS 140-2 or FIPS 140-3 certified and configured to operate in FIPS mode. | If the DoD WLAN components (WLAN AP, controller, or client) are not NIST FIPS 140-2/FIPS 140-3 (Cryptographic Module Validation Program, CMVP) certifi... |
| V-243230 | | Wireless access points and bridges must be placed in dedicated subnets outside the enclave's perimeter. | If an adversary is able to compromise an access point or controller that is directly connected to an enclave network, the adversary can easily surveil... |
| V-243231 | | The network device must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface. | The OOBM access switch will connect to the management interface of the managed network elements. The management interface can be a true OOBM interface... |
| V-243232 | | The network device must not be configured to have any feature enabled that calls home to the vendor. | Call-home services will routinely send data such as configuration and diagnostic information to the vendor for routine or emergency analysis and troub... |
| V-243227 | | WLAN SSIDs must be changed from the manufacturer's default to a pseudo random word that does not identify the unit, base, organization, etc. | An SSID identifying the unit, site, or purpose of the WLAN or that is set to the manufacturer default may cause an OPSEC vulnerability.... |