UCF STIG Viewer Logo

The password configured on the WLAN access point for key generation and client access must be set to a 15-character or longer complex password as required by USCYBERCOM CTO 07-15 Rev1.


Overview

Finding ID Version Rule ID IA Controls Severity
V-243134 WLAN-ND-000100 SV-243134r719857_rule Medium
Description
If the organization does not use a strong passcode for client access, an adversary is significantly more likely to be able to obtain it. Once this occurs, the adversary may be able to obtain full network access, obtain DoD sensitive information, and attack other DoD information systems.
STIG Date
Network WLAN AP-IG Management Security Technical Implementation Guide 2021-04-16

Details

Check Text ( C-46409r719855_chk )
This check only applies to access points that do not use an AAA (RADIUS) server for authentication services. In most cases, this means the access point is configured for WPA2/WPA3 (Personal), which relies on password authentication, and not WPA2/WPA3 (Enterprise), which uses a AAA server to authenticate each user based on that user's authentication credentials.

Verify the client authentication password has been set on the access point with the following settings:
- 15 characters or more
- The authentication password selected use at least two of each of the following: uppercase letter, lowercase letter, number, and special character.

The procedure for verifying these settings varies between AP models. Have the SA show the settings in the AP management console.

If the WLAN client password is not configured for at least a 15-character length and a complexity with at least two each of uppercase letters, lowercase letters, numbers, and special characters, this is a finding.
Fix Text (F-46366r719856_fix)
Configure the key generation password on the WLAN Access Point to a 15-character or longer complex password on access points that do not use AAA servers for authentication.