The password configured on the WLAN access point for key generation and client access must be set to a 15-character or longer complex password as required by USCYBERCOM CTO 07-15 Rev1.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-243134	WLAN-ND-000100	SV-243134r879601_rule		Medium

Description
If the organization does not use a strong passcode for client access, an adversary is significantly more likely to be able to obtain it. Once this occurs, the adversary may be able to obtain full network access, obtain DoD sensitive information, and attack other DoD information systems.

STIG	Date
Network WLAN AP-IG Management Security Technical Implementation Guide	2023-09-13

Details

Check Text ( C-46409r719855_chk )
This check only applies to access points that do not use an AAA (RADIUS) server for authentication services. In most cases, this means the access point is configured for WPA2/WPA3 (Personal), which relies on password authentication, and not WPA2/WPA3 (Enterprise), which uses a AAA server to authenticate each user based on that user's authentication credentials. Verify the client authentication password has been set on the access point with the following settings: - 15 characters or more - The authentication password selected use at least two of each of the following: uppercase letter, lowercase letter, number, and special character. The procedure for verifying these settings varies between AP models. Have the SA show the settings in the AP management console. If the WLAN client password is not configured for at least a 15-character length and a complexity with at least two each of uppercase letters, lowercase letters, numbers, and special characters, this is a finding.

Check Text ( C-46409r719855_chk )

This check only applies to access points that do not use an AAA (RADIUS) server for authentication services. In most cases, this means the access point is configured for WPA2/WPA3 (Personal), which relies on password authentication, and not WPA2/WPA3 (Enterprise), which uses a AAA server to authenticate each user based on that user's authentication credentials.

Verify the client authentication password has been set on the access point with the following settings:
- 15 characters or more
- The authentication password selected use at least two of each of the following: uppercase letter, lowercase letter, number, and special character.

The procedure for verifying these settings varies between AP models. Have the SA show the settings in the AP management console.

If the WLAN client password is not configured for at least a 15-character length and a complexity with at least two each of uppercase letters, lowercase letters, numbers, and special characters, this is a finding.

Fix Text (F-46366r719856_fix)
Configure the key generation password on the WLAN Access Point to a 15-character or longer complex password on access points that do not use AAA servers for authentication.