UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

WLAN must use EAP-TLS.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3692 WIR0115-01 SV-3692r1_rule ECSC-1 ECWN-1 Medium
Description
EAP-TLS provides strong cryptographic mutual authentication and key distribution services not found in other EAP methods, and thus provides significantly more protection against attacks than other methods. Additionally, EAP-TLS supports two-factor user authentication on the WLAN client, which provides significantly more protection than methods that rely on a password or certificate alone. EAP-TLS also can leverage DoD CAC in its authentication services, providing additional security and convenience.
STIG Date
WLAN Authentication Server Security Technical Implementation Guide (STIG) 2013-03-14

Details

Check Text ( C-16042r1_chk )
NOTE: If the equipment is WPA2 certified, then it is capable of supporting this requirement.

Review the WLAN equipment configuration to check EAP-TLS is actively used and no other methods are enabled.
Mark as a finding if either EAP-TLS is not used or if the WLAN system allows users to connect with other methods.
Fix Text (F-34114r1_fix)
Change the WLAN configuration so it supports EAP-TLS, implementing supporting PKI and AAA infrastructure as necessary. If the WLAN equipment is not capable of supporting EAP-TLS, procure new equipment capable of such support.