WMAN Bridge


Overview


Findings (MAC III - Administrative Sensitive)

| Finding ID | Severity | Title |
|---|---|---|
| V-4582 | High | The IAO will ensure that all OOB management connections to the device require authentication. |
| V-3056 | High | The IAO/NSO will ensure each user accessing the device locally have their own account with username and password. |
| V-3143 | High | The IAO/NSO will ensure all default manufacturer passwords are changed. |
| V-3210 | High | The IAO/NSO will ensure that all SNMP community strings are changed from the default values. |
| V-18604 | High | A WMAN system transmitting classified data must implement required data encryption controls. |
| V-3175 | High | The IAO will ensure that all in-band management connections to the device require authentication. |
| V-3069 | Medium | The system administrator will ensure in-band management access to the device is secured using FIPS 140-2 approved encryption or hash algorithms such as AES, 3DES, SSH, or TLS / SSL. |
| V-14671 | Medium | The IAO will ensure all NTP-enabled devices authenticate received NTP messages. |
| V-14717 | Medium | The system administrator will ensure SSH version 2 is implemented. |
| V-3057 | Medium | The IAO/NSO will ensure all user accounts are assigned the lowest privilege level that allows them to perform their duties. |
| V-3014 | Medium | The system administrator will ensure the timeout for administrative access is set for no longer than 10 minutes. |
| V-14886 | Medium | Wireless access points and bridges must be placed in dedicated subnets outside the enclave’s perimeter. |
| V-28784 | Medium | A service or feature that calls home to the vendor must be disabled. |
| V-3967 | Medium | The system administrator will ensure the console port is configured to time out after 10 minutes or less of inactivity. |
| V-17821 | Medium | Managed NE OOBM interface is not configured with an OOBM network address. |
| V-17822 | Medium | The management interface is not configured with both an ingress and egress ACL. |
| V-18603 | Medium | Site WMAN systems that transmit unclassified data must implement required data encryption controls. |
| V-5613 | Medium | The system administrator will ensure the maximum number of unsuccessful SSH login attempts is set to three, locking access to the network device. |
| V-5612 | Medium | The system administrator will ensure SSH timeout value is set to 60 seconds or less, causing incomplete SSH connections to shut down after 60 seconds or less. |
| V-5611 | Medium | The system administrator will ensure that the device only allows in-band management sessions from authorized IP addresses from the internal network. |
| V-23747 | Low | The IAO/NSO will ensure all managed network elements are configured to use two or more NTP servers to synchronize time. |
| V-18598 | Low | The WMAN system must not operate in the 3.30-3.65 GHz frequency band. |
| V-14844 | Low | The relevant U.S. Forces Command (USFORSCOM) or host nation must approve the use of wireless equipment prior to operation of such equipment outside the United States and Its Possessions (US&P). |
| V-7011 | Low | The system administrator will ensure that the device auxiliary port is disabled if a secured modem providing encryption and authentication is not connected. |
| V-3070 | Low | The system administrator will configure the ACL that is bound to the inband interface to log permitted and denied access attempts. |