UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The mobile operating systems Wi-Fi module must use AES-CCMP encryption when connecting to a DoD network.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33141 SRG-OS-000160-MOS-000082 SV-43539r1_rule Medium
Description
If data traffic is sent unencrypted, an adversary may be able to read it to obtain sensitive information. Some WPA2 certified Wi-Fi implementations use Temporal Key Integrity Protocol (TKIP), which is not authorized for use in DoD. There are no publicly known breaches of AES-CCMP, which greatly mitigates the risk of unauthorized eavesdropping.
STIG Date
Mobile Operating System Security Requirements Guide 2013-04-12

Details

Check Text ( C-41401r1_chk )
Review system documentation to verify the product is WPA2 certified. If it is, the device supports AES-CCMP encryption. If it is not WPA2 certified, it is very unlikely to support AES-CCMP encryption but the site may provide evidence to the contrary in the possible event that the manufacturer implemented AES-CCMP without obtaining the WPA2 certification. Verify DoD network connections use AES-CCMP and not TKIP or another protocol. If any other data link layer encryption protocol is used besides AES-CCMP to connect to a DoD network, this is a finding.
Fix Text (F-37041r1_fix)
Configure the operating system's Wi-Fi client to use AES-CCMP when connecting to DoD networks.