The operating system must protect wireless access to and from the system using encryption.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-203688	SRG-OS-000299-GPOS-00117	SV-203688r379456_rule		Medium

Description
Allowing devices and users to connect to or from the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Since wireless communications can be intercepted, it is necessary to use encryption to protect the confidentiality of information in transit. Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication. This requirement applies to those operating systems that control wireless devices.

Description

Allowing devices and users to connect to or from the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Since wireless communications can be intercepted, it is necessary to use encryption to protect the confidentiality of information in transit. Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication. This requirement applies to those operating systems that control wireless devices.

STIG	Date
General Purpose Operating System Security Requirements Guide	2022-11-21

Details

Check Text ( C-3813r374951_chk )
Verify the operating system protects wireless access to and from the system using encryption. If it does not, this is a finding.

Fix Text (F-3813r374952_fix)
Configure the operating system to protect wireless access to and from the system using encryption.