UCF STIG Viewer Logo

WLAN components must be FIPS 140-2 or FIPS 140-3 certified.


Finding ID Version Rule ID IA Controls Severity
V-243221 WLAN-NW-000600 SV-243221r720118_rule Medium
If the DoD WLAN components (WLAN AP, controller, or client) are not NIST FIPS 140-2/FIPS 140-3 (Cryptographic Module Validation Program, CMVP) certified, the WLAN system may not adequately protect sensitive unclassified DoD data from compromise during transmission.
Network WLAN AP-NIPR Platform Security Technical Implementation Guide 2022-10-04


Check Text ( C-46496r720116_chk )
Review the WLAN equipment specification and verify it is FIPS 140-2/3 (CMVP) certified for data in transit, including authentication credentials.

If the WLAN equipment is not is FIPS 140-2/3 (CMVP) certified, this is a finding.
Fix Text (F-46453r720117_fix)
Use WLAN equipment that is FIPS 140-2/3 (CMVP) certified.