Applications managing network connections for devices must authenticate devices before establishing wireless network connections by using bidirectional authentication that are cryptographic.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35600	SRG-APP-000160-AS-NA	SV-46887r1_rule		Medium

Description
Device authentication requires unique identification and authentication that may be defined by type, by specific device, or by a combination of type and device, as deemed appropriate by the organization. The required strength of the device authentication mechanism is determined by the security categorization of the information system. Bidirectional authentication provides a means for both connecting parties to mutually authenticate one another and cryptographic authentication provides a secure means of authenticating without the use of clear text passwords. This requirement is intended to address devices that manage or allow wireless devices to connect to the network. This does not apply to an AS.

Description

Device authentication requires unique identification and authentication that may be defined by type, by specific device, or by a combination of type and device, as deemed appropriate by the organization. The required strength of the device authentication mechanism is determined by the security categorization of the information system. Bidirectional authentication provides a means for both connecting parties to mutually authenticate one another and cryptographic authentication provides a secure means of authenticating without the use of clear text passwords. This requirement is intended to address devices that manage or allow wireless devices to connect to the network. This does not apply to an AS.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43943r1_chk )
This requirement is NA for the AS SRG.

Fix Text (F-40141r1_fix)
The requirement is NA. No fix is required.