Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-92237 | WIR0115-3 | SV-102339r1_rule | Medium |
Description |
---|
If the DoD WLAN components (WLAN AP, controller, or client) are not NIST FIPS 140-2 (Cryptographic Module Validation Program – CMVP) certified, the WLAN system may not adequately protect sensitive unclassified DoD data from compromise during transmission. |
STIG | Date |
---|---|
WLAN Access Point (Internet Gateway Only Connection) Security Technical Implementation Guide (STIG) | 2019-02-26 |
Check Text ( C-91401r1_chk ) |
---|
Review the WLAN equipment specification and verify it is FIPS 140-2 (CMVP) certified for data in transit, including authentication credentials. If the WLAN equipment is not is FIPS 140-2 (CMVP) certified, this is a finding. |
Fix Text (F-98445r1_fix) |
---|
Use WLAN equipment that is FIPS 140-2 (CMVP) certified. |