UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

WLAN Access Point (Internet Gateway Only Connection) Security Technical Implementation Guide (STIG)



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-4582 High The network device must require authentication for console access.
V-3056 High Group accounts must not be configured for use on the network device.
V-15434 High The network element’s emergency account must be set to an appropriate authorization level to perform necessary administrative functions when the authentication server is not online.
V-3012 High The network element must be password protected.
V-3210 High The network element must not use the default or well-known SNMP community strings public and private.
V-3143 High The network element must not have any default manufacturer passwords.
V-3175 High The network device must require authentication prior to establishing a management connection for administrative access.
V-3196 High The network element must use SNMP Version 3 Security Model with FIPS 140-2 validated cryptography for any SNMP agent configured on the device.
V-3069 Medium Management connections to a network device must be established using secure protocols with FIPS 140-2 validated cryptographic modules.
V-14671 Medium The network element must authenticate all NTP messages received from NTP servers and peers.
V-14717 Medium The network element must not allow SSH Version 1 to be used for administrative access.
V-3057 Medium Authorized accounts must be assigned the least privilege level necessary to perform assigned duties.
V-3160 Medium The network element must be running a current and supported operating system with all IAVMs addressed.
V-15432 Medium The network element must use two or more authentication servers for the purpose of granting administrative access.
V-3013 Medium The network element must display the DoD approved login banner warning in accordance with the CYBERCOM DTM-08-060 document.
V-3014 Medium The network element must timeout management connections for administrative access after 10 minutes or less of inactivity.
V-3969 Medium The network device must only allow SNMP read-only access.
V-28784 Medium A service or feature that calls home to the vendor must be disabled.
V-3967 Medium The network element must time out access to the console port after 10 minutes or less of inactivity.
V-3966 Medium In the event the authentication server is down or unavailable, there must only be one local account created for emergency use.
V-17821 Medium The network element’s OOBM interface must be configured with an OOBM network address.
V-17822 Medium The network elements management interface must be configured with both an ingress and egress ACL.
V-14888 Medium The WLAN inactive session timeout must be set for 30 minutes or less.
V-25316 Medium The password configured on the WLAN Access Point for key generation and client access must be set to a 14 character or longer complex password as required by USCYBERCOM CTO 07-15Rev1.
V-25315 Medium WLAN access point must be configured for Wi-Fi Alliance WPA2 security.
V-5613 Medium The network element must be configured for a maximum number of unsuccessful SSH login attempts set at 3 before resetting the interface.
V-5611 Medium The network element must only allow management connections for administrative access from hosts residing in the management network.
V-3058 Medium Unauthorized accounts must not be configured for access to the network device.
V-23747 Low The network element must use two or more NTP servers to synchronize time.
V-14846 Low WLAN SSIDs must be changed from the manufacturer’s default to a pseudo random word that does not identify the unit, base, organization, etc.
V-7011 Low The network element’s auxiliary port must be disabled unless it is connected to a secured modem providing encryption and authentication.
V-14889 Low WLAN signals must not be intercepted outside areas authorized for WLAN access.
V-3070 Low The network element must log all attempts to establish a management connection for administrative access.