WLAN Authentication Server Security Technical Implementation Guide

Version	Date	Finding Count (3)			Downloads
6	2011-10-10 2013-03-14 2013-03-14 2013-03-14 2013-03-14	CAT I (High): 0	CAT II (Med): 3	CAT III (Low): 0	Excel	JSON	XML

STIG Description
This STIG contains the technical security controls for the operation of a WLAN Authentication Server in the DoD environment.

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Finding ID	Severity	Title	Description
V-19900	Medium	The WLAN implementation of EAP-TLS must be FIPS 140-2 validated.	Most known security breaches of cryptography result from improper implementation of the cryptography, not flaws in the cryptographic algorithms themselves. FIPS 140-2 validation provides assurance...
V-3692	Medium	WLAN must use EAP-TLS.	EAP-TLS provides strong cryptographic mutual authentication and key distribution services not found in other EAP methods, and thus provides significantly more protection against attacks than other...
V-30257	Medium	WLAN EAP-TLS implementation must use CAC authentication to connect to DoD networks.	DoD CAC authentication is strong, two-factor authentication that relies on on carefully evaluated cryptographic modules. Implementations of EAP-TLS that are not integrated with DoD CAC could have...