UCF STIG Viewer Logo

Network WLAN AP-IG Platform Security Technical Implementation Guide


Overview

Date Finding Count (9)
2023-02-13 CAT I (High): 0 CAT II (Med): 7 CAT III (Low): 2
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-243215 Medium The network device must not be configured to have any feature enabled that calls home to the vendor.
V-243214 Medium The network device must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.
V-243213 Medium DoD Components providing guest WLAN access (internet access only) must use separate WLAN or logical segmentation of the enterprise WLAN (e.g., separate service set identifier [SSID] and virtual LAN) or DoD network.
V-243212 Medium The WLAN access point must be configured for Wi-Fi Alliance WPA2 or WPA3 security.
V-243208 Medium The WLAN inactive/idle session timeout must be set for 30 minutes or less.
V-243209 Medium WLAN components must be Wi-Fi Alliance certified with WPA2 or WPA3.
V-243210 Medium WLAN components must be FIPS 140-2 or FIPS 140-3 certified and configured to operate in FIPS mode.
V-243211 Low WLAN signals must not be intercepted outside areas authorized for WLAN access.
V-243207 Low WLAN SSIDs must be changed from the manufacturer's default to a pseudo random word that does not identify the unit, base, organization, etc.