UCF STIG Viewer Logo

Network WLAN AP-NIPR Platform Security Technical Implementation Guide


Date Finding Count (11)
2023-02-13 CAT I (High): 0 CAT II (Med): 9 CAT III (Low): 2
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-243220 Medium WLAN must use EAP-TLS.
V-243218 Medium The WLAN inactive/idle session timeout must be set for 30 minutes or less.
V-243216 Medium The site must conduct continuous wireless Intrusion Detection System (IDS) scanning.
V-243224 Medium Wireless access points and bridges must be placed in dedicated subnets outside the enclave's perimeter.
V-243225 Medium The network device must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.
V-243226 Medium The network device must not be configured to have any feature enabled that calls home to the vendor.
V-243219 Medium WLAN components must be Wi-Fi Alliance certified with WPA2 or WPA3.
V-243221 Medium WLAN components must be FIPS 140-2 or FIPS 140-3 certified and configured to operate in FIPS mode.
V-243222 Medium WLAN EAP-TLS implementation must use certificate-based PKI authentication to connect to DoD networks.
V-243217 Low WLAN SSIDs must be changed from the manufacturer's default to a pseudo random word that does not identify the unit, base, organization, etc.
V-243223 Low WLAN signals must not be intercepted outside areas authorized for WLAN access.