Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25316 | WIR0122 | SV-31427r2_rule | IAIA-1 | Medium |
Description |
---|
If the organization does not use a strong passcode for client access, then it is significantly more likely that an adversary will be able to obtain it. Once this occurs, the adversary may be able to obtain full network access, obtain DoD sensitive information, and attack other DoD information systems. |
STIG | Date |
---|---|
WLAN Access Point (Internet Gateway Only Connection) Security Technical Implementation Guide (STIG) | 2014-12-31 |
Check Text ( C-31751r2_chk ) |
---|
This check only applies to access points that do not use an AAA (RADIUS) server for authentication services. In most cases, this means the access point is configured for WPA2 (Personal), which relies on password authentication, and not WPA2 (Enterprise) which uses an AAA server to authenticate each user based on that user’s authentication credentials. Verify the client authentication password has been set on the access point with the following settings: -14 characters or longer. -The authentication password selected must be comprised of at least two of each of the following: upper case letter, lower case letter, number, and special character. The procedure for verifying these settings varies between AP models. Have the SA show the settings in the AP management console. |
Fix Text (F-28236r1_fix) |
---|
The key generation password configured on the WLAN Access Point must be set to a 14-character or longer complex password on access points that do not use AAA servers for authentication. |