Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33141 | SRG-OS-000160-MOS-000082 | SV-43539r1_rule | Medium |
Description |
---|
If data traffic is sent unencrypted, an adversary may be able to read it to obtain sensitive information. Some WPA2 certified Wi-Fi implementations use Temporal Key Integrity Protocol (TKIP), which is not authorized for use in DoD. There are no publicly known breaches of AES-CCMP, which greatly mitigates the risk of unauthorized eavesdropping. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-04-12 |
Check Text ( C-41401r1_chk ) |
---|
Review system documentation to verify the product is WPA2 certified. If it is, the device supports AES-CCMP encryption. If it is not WPA2 certified, it is very unlikely to support AES-CCMP encryption but the site may provide evidence to the contrary in the possible event that the manufacturer implemented AES-CCMP without obtaining the WPA2 certification. Verify DoD network connections use AES-CCMP and not TKIP or another protocol. If any other data link layer encryption protocol is used besides AES-CCMP to connect to a DoD network, this is a finding. |
Fix Text (F-37041r1_fix) |
---|
Configure the operating system's Wi-Fi client to use AES-CCMP when connecting to DoD networks. |