
The organization's WLAN implementation of EAP-TLS must be FIPS 140-2 validated.


Overview

Finding ID: SRG-MPOL-021
Version: SRG-MPOL-021
Rule ID: SRG-MPOL-021_rule
IA Controls:
Severity: Medium
Description
Strong authentication is required prior to connecting to the wireless system. A hacker could gain access to the wireless network and then the wired network if required authentication is not implemented. Strong mutual authentication will be implemented at two levels on the WLAN system: User or WLAN client device to WLAN network; and user to wired network. For the User or WLAN client device to WLAN network authentication, the following requirement applies: The EAP-TLS implementation must be FIPS 140-2 validated.
STIG Date
Mobile Policy Security Requirements Guide 2012-10-10

Details

Check Text (C-SRG-MPOL-021_chk)
Review the WLAN system product documentation (specification sheet, administration manual, etc.) and FIPS 140-2 certificate for the WLAN system.

Review the FIPS 140-2 certificate of the WLAN product client device and determine if the certificate includes EAP-TLS. Many FIPS 140-2 certificates only include encryption of the wireless data as it is being transmitted. If the WLAN system's EAP-TLS mode is not FIPS validated, this is a finding.

Fix Text (F-SRG-MPOL-021_fix)
Ensure the EAP-TLS implementation is FIPS 140-2 validated.