UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The WLAN implementation of AES-CCMP must be FIPS 140-2 validated.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19894 WIR0125-02 SV-22064r2_rule ECCT-1 ECSC-1 ECWN-1 Medium
Description
Most known security breaches of cryptography result from improper implementation of the cryptography, not flaws in the cryptographic algorithms themselves. FIPS 140-2 validation provides assurance that cryptography is implemented correctly, and is required for Federal Government uses of cryptography in non-classified applications.
STIG Date
WLAN Access Point (Enclave-NIPRNet Connected) Security Technical Implementation Guide (STIG) 2013-03-14

Details

Check Text ( C-25502r1_chk )
Check Procedures:
Review the WLAN system product documentation (specification sheet, administration manual,
etc.), which should include the FIPS 140-2 certificate for the WLAN system. Verify the certificate specifically covers the implementation of AES-CCMP. If there are any concerns about the currency or veracity of the certificate in the product documentation, the reviewer should check the NIST Internet web site (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm) and find the certificate.
Fix Text (F-34065r1_fix)
Procure WLAN equipment whose implementation of AES-CCMP has been FIPS 140-2 validated.