The WLAN implementation of EAP-TLS must be FIPS 140-2 validated.


Overview

Finding ID: V-19900
Version: WIR0115-02
Rule ID: SV-22070r1_rule
IA Controls: ECSC-1, ECWN-1
Severity: Medium
Description
Most known security breaches of cryptography result from improper implementation of the cryptography, not flaws in the cryptographic algorithms themselves. FIPS 140-2 validation provides assurance that cryptography is implemented correctly, and is required for Federal Government uses of cryptography in non-classified applications.
STIG: WLAN Authentication Server Security Technical Implementation Guide (STIG)
Date: 2013-03-14

Details

Check Text (C-25550r1_chk)
Review the WLAN system product documentation (specification sheet, administration manual, etc.), which should include the FIPS 140-2 certificate for the WLAN system. Verify the certificate specifically covers the implementation of TLS. If there are any concerns about the currency or veracity of the certificate in the product documentation, the reviewer should check the NIST Internet web site (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm) and find the certificate.
Fix Text (F-34115r1_fix)
Procure WLAN equipment whose implementation of TLS has been FIPS 140-2 validated.