UCF STIG Viewer Logo

WLAN access point must be configured for Wi-Fi Alliance WPA2 security.


Finding ID Version Rule ID IA Controls Severity
V-25315 WIR0121 SV-31426r1_rule Medium
The Wi-Fi Alliance’s WPA2 certification provides assurance that the device has adequate security functionality and can implement the IEEE 802.11i standard for robust security networks. The previous version of the Wi-Fi Alliance certification, WPA, did not require AES encryption, which must be supported for DoD WLAN implementations. Devices without any WPA certification likely do not support required security functionality and could be vulnerable to a wide range of attacks.
WLAN Access Point (Internet Gateway Only Connection) Security Technical Implementation Guide (STIG) 2019-02-26


Check Text ( C-31750r1_chk )
Verify the access point is configured for either WPA2 (Enterprise) or WPA2 (Personal) authentication. The procedure for performing this review will vary depending on the AP model. Have the SA show the configuration setting.
Fix Text (F-28235r1_fix)
Configure the access point for WPA2 authentication, confidentiality, and integrity services. In the case of WPA2 (Personal), this action will require the selection of a strong passcode or passphrase. In the case of WPA2 (Enterprise), this action will require the organization to deploy RADIUS or equivalent authentication services on a separate server. In cases in which the access point does not support WPA2, the organization will need to procure new equipment.