| V-243228 | Medium | WLAN components must be Wi-Fi Alliance certified with WPA2 or WPA3. | Wi-Fi Alliance certification ensures compliance with DoD interoperability requirements between various WLAN products. |
| V-243229 | Medium | WLAN components must be FIPS 140-2 or FIPS 140-3 certified. | If the DoD WLAN components (WLAN AP, controller, or client) are not NIST FIPS 140-2/FIPS 140-3 (Cryptographic Module Validation Program, CMVP) certified, the WLAN system may not adequately protect... |
| V-243232 | Medium | The network device must not be configured to have any feature enabled that calls home to the vendor. | Call-home services will routinely send data such as configuration and diagnostic information to the vendor for routine or emergency analysis and troubleshooting. There is a risk that transmission... |
| V-243231 | Medium | The network device must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface. | The OOBM access switch will connect to the management interface of the managed network elements. The management interface can be a true OOBM interface or a standard interface functioning as the... |
| V-243230 | Medium | Wireless access points and bridges must be placed in dedicated subnets outside the enclave's perimeter. | If an adversary is able to compromise an access point or controller that is directly connected to an enclave network, the adversary can easily surveil and attack other devices from that beachhead.... |
| V-243227 | Low | WLAN SSIDs must be changed from the manufacturer's default to a pseudo random word that does not identify the unit, base, organization, etc. | An SSID identifying the unit, site, or purpose of the WLAN or that is set to the manufacturer default may cause an OPSEC vulnerability. |
