V-3512 | High | NSA Type 1 products and required procedures must be used to protect classified data at rest (DAR) on wireless devices used on a classified WLAN or WMAN. | NSA Type 1 products provide a high level of assurance that cryptography is implemented correctly and meets the standards for storage of classified information. Use of cryptography that is not... |
V-18604 | High | A WMAN system transmitting classified data must implement required data encryption controls. | If not compliant, classified data could be compromised. |
V-14207 | Medium | WMAN systems must require strong authentication from the user or WMAN subscriber device to WMAN network. | Broadband systems not compliant with authentication requirements could allow a hacker to gain access to the DoD network. |
V-18603 | Medium | Site WMAN systems that transmit unclassified data must implement required data encryption controls. | Sensitive DoD data could be exposed to a hacker. |
V-18602 | Medium | When a WMAN system is implemented, the network enclave must enforce strong authentication from user to DoD enclave (wired network). For “User to Enclave” authentication, the enclave must enforce network authentication requirements found in USCYBERCOM CTO 07-15Rev1 (or subsequent updates) (e.g. CAC authentication). Note: User authentication to the enclave must be a separate process from authentication to the WMAN system. If the WMAN vendor implements CAC authentication for the User or WMAN subscriber device to WMAN network, the user may only need to enter their PIN once to authenticate to both the WMAN system and the enclave. | Without strong user authentication to the network a hacker may be able to gain access. |
V-19903 | Medium | Site WMAN systems must implement strong authentication from the user or WMAN subscriber device to WMAN network. | Broadband systems not compliant with authentication requirements could allow a hacker to gain access to the DoD network. |
V-14202 | Medium | FIPS 140-2 validated encryption modules must be used to encrypt unclassified sensitive data at rest on the wireless device (e.g., laptop, PDA, smartphone). | If a wireless device is lost or stolen without DAR encryption, sensitive DoD data could be compromised. Most known security breaches of cryptography result from improper implementation, not flaws... |
V-19904 | Medium | Site WMAN systems must implement strong authentication from the user or WMAN subscriber device to WMAN network. | Broadband systems not compliant with authentication requirements could allow a hacker to gain access to the DoD network. |
V-14274 | Medium | All wireless devices must be configured according to applicable operating system STIGs. | Security risks inherent to the particular client operating systems such as Windows and Linux must be mitigated in addition to wireless security risks to achieve multilayered security. |
V-14002 | Medium | A device’s wired network interfaces (e.g., Ethernet) must be disconnected or otherwise disabled when wireless connections are in use. | If a client device supports simultaneous use of wireless and wired connections, then this increases the probability that an adversary who can access the device using its wireless interface can... |