The organization's wireless LAN must use Extension Authentication Protocol - Transport Layer Security (EAP-TLS).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-MPOL-020 | SRG-MPOL-020 | SRG-MPOL-020_rule | Medium |
| Description |
|---|
| Strong authentication is required prior to connecting to the wireless system. A hacker could gain access to the wireless network and then the wired network if required authentication is not implemented. Strong mutual authentication has been implemented at two levels on the WLAN system: User or WLAN client device to WLAN network; and User to wired network. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2012-10-10 |
Details
| Check Text ( C-SRG-MPOL-020_chk ) |
|---|
| Review the WLAN system product documentation (specification sheet, administration manual, etc.) and WLAN equipment configuration. Verify EAP-TLS is supported and is configured on the equipment. If EAP-TLS is not used, this is a finding. |
| Fix Text (F-SRG-MPOL-020_fix) |
|---|
| Implement EAP-TLS authentication controls on the WLAN system. |