UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Site WMAN systems that transmit unclassified data must implement required data encryption controls.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18603 WIR0325 SV-20154r1_rule Medium
Description
Sensitive DoD data could be exposed to a hacker.
STIG Date
WMAN Bridge Security Technical Implementation Guide (STIG) 2016-09-28

Details

Check Text ( C-22270r1_chk )
Detailed policy requirements:

Site WMAN systems that transmit unclassified data must implement the following data encryption controls:

- For tactical WMAN systems or commercial WMAN systems operated in a tactical environment:
--The WMAN system must implement FIPS 140-2 validated encryption to protect the ISO OSI Layer 2 radio data frames. The WMAN system must be configured for AES-CCM encryption, if supported by the WMAN system.
--The WMAN system must implement FIPS 140-2 validated encryption to protect the ISO OSI Layer 3 data being transmitted.

- For tactical WMAN systems or commercial WMAN systems operated in a non-tactical environment and for WMAN bridges:
--The WMAN system must implement FIPS 140-2 validated encryption at ISO OSI Layer 2 or 3.

Check Procedures:

Verify with the IAO that site WMAN systems transmitting unclassified data implement the following data encryption controls:

For tactical WMAN systems or commercial WMAN systems operated in a tactical environment:
- The WMAN system must implement FIPS 140-2 validated encryption to protect the ISO OSI Layer 2 radio data frames. The WMAN system will be configured for AES-CCM encryption, if supported by the WMAN system.
- The WMAN system must implement FIPS 140-2 validated encryption to protect the ISO OSI Layer 3 data being transmitted.

For tactical WMAN systems or commercial WMAN systems operated in a non-tactical environment:
- The WMAN system must implement FIPS 140-2 validated encryption at ISO OSI Layer 2 or 3.

Mark as a finding if these requirements are not met.
Fix Text (F-14436r1_fix)
Comply with policy.