Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33141 | SRG-OS-000160-MOS-000082 | SV-43539r1_rule | | Medium |
Description |
---|
If data traffic is sent unencrypted, an adversary may be able to read it to obtain sensitive information. Some WPA2 certified Wi-Fi implementations use Temporal Key Integrity Protocol (TKIP), which is not authorized for use in DoD. There are no publicly known breaches of AES-CCMP, which greatly mitigates the risk of unauthorized eavesdropping. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2012-10-01 |
Check Text (C-41401r1_chk) |
---|
Review system documentation to verify the product is WPA2 certified. If it is, the device supports AES-CCMP encryption. If it is not WPA2 certified, it is very unlikely to support AES-CCMP encryption, but the site may provide evidence to the contrary if the manufacturer implemented AES-CCMP without obtaining the WPA2 certification. Verify DoD network connections use AES-CCMP and not TKIP or another protocol. If any data link layer encryption protocol other than AES-CCMP is used to connect to a DoD network, this is a finding. |
Fix Text (F-37041r1_fix) |
---|
Configure the operating system's Wi-Fi client to use AES-CCMP when connecting to DoD networks. |