UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The WLAN access point must be configured for Wi-Fi Alliance WPA2 or WPA3 security.


Overview

Finding ID Version Rule ID IA Controls Severity
V-243212 WLAN-NW-000900 SV-243212r720091_rule Medium
Description
The Wi-Fi Alliance's WPA2/WPA3 certification provides assurance that the device has adequate security functionality and can implement the IEEE 802.11i standard for robust security networks. The previous version of the Wi-Fi Alliance certification, WPA, did not require AES encryption, which must be supported for DoD WLAN implementations. Devices without any WPA certification likely do not support required security functionality and could be vulnerable to a wide range of attacks.
STIG Date
Network WLAN AP-IG Platform Security Technical Implementation Guide 2021-04-16

Details

Check Text ( C-46487r720089_chk )
Verify the access point is configured for either WPA2/WPA3 (Enterprise) or WPA2/WPA3 (Personal) authentication. The procedure for performing this review will vary depending on the AP model. Have the SA show the configuration setting.

If the access point is not configured with either WPA2 or WPA3 security, this is finding.
Fix Text (F-46444r720090_fix)
Configure the access point for WPA2 (or WPA3) authentication, confidentiality, and integrity services.

In the case of WPA2 (Personal), this action will require the selection of a strong passcode or passphrase.

In the case of WPA2 (Enterprise), this action will require the organization to deploy RADIUS or equivalent authentication services on a separate server.

In cases in which the access point does not support WPA2/WPA3, the organization will need to procure new equipment.