
A Secure WLAN (SWLAN) must conform to an approved network architecture.


Overview

Finding ID: V-4636
Version: WIR0210
Rule ID: SV-4636r1_rule
IA Controls:
Severity: High

Description
Approved network architectures have been assessed for IA risk. Non-approved architectures provide less assurance than approved architectures because they have not undergone the same level of evaluation.

STIG: Harris SecNet 11 / 54 Security Technical Implementation Guide (STIG)
Date: 2016-11-14

Details

Check Text (C-16036r1_chk)
Detailed Policy Requirements:

The SWLAN architecture conforms to one of the approved configurations:
LAN Extension: This architecture provides wireless access to the wired infrastructure using a Harris SecNet 11 / 54 or L3 KOV-26 Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 2.2 in the DISA FSO Wireless Overview for an example of the LAN Extension architecture.

Wireless Bridging: This architecture provides point-to-point bridging using Harris SecNet 11 / 54 or Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 2.3 in the DISA FSO Wireless Overview for an example of the Wireless Bridging architecture.

Wireless Peer-to-Peer: This architecture provides point-to-point communications between wireless clients using Harris SecNet 11 / 54 or Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 3.2 in the DISA FSO Wireless Overview for an example of the Wireless Peer-to-Peer architecture.

Check Procedures:

Interview the SA or IAO to obtain SWLAN network diagrams. Review the SWLAN architecture and ensure it conforms to one of the approved use cases.

Fix Text (F-34117r1_fix)
Disable or remove the non-compliant SWLAN or reconfigure it to conform to one of the approved architectures.