The cryptography implemented by the Wireless Local Area Network (WLAN) components must be FIPS 140-2 validated.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-19900 | WIR0115-02 | SV-22070r3_rule | Medium |
| Description |
|---|
| Most known security breaches of cryptography result from improper implementation of the cryptography, not flaws in the cryptographic algorithms themselves. FIPS 140-2 validation provides assurance that cryptography is implemented correctly, and is required for Federal Government uses of cryptography in non-classified applications. |
| STIG | Date |
|---|---|
| Network Infrastructure Policy Security Technical Implementation Guide | 2018-09-27 |
Details
| Check Text ( C-25550r2_chk ) |
|---|
| Review the WLAN system product documentation. Verify the system is WPA2-Enterprise certified by the Wi-Fi Alliance. If the WLAN product is not WPA2-Enterprise certified, this is a finding. |
| Fix Text (F-34115r2_fix) |
|---|
| Procure WLAN equipment whose implementation of TLS has been FIPS 140-2 validated. |