Site WMAN systems must implement strong authentication from the user or WMAN subscriber device to WMAN network.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-19904	WIR0315-03	SV-22074r1_rule	ECSC-1 ECWN-1	Medium

Description
Broadband systems not compliant with authentication requirements could allow a hacker to gain access to the DoD network.

STIG	Date
WMAN Subscriber Security Technical Implementation Guide (STIG)	2014-03-18

Details

Check Text ( C-25554r1_chk )
Detailed Policy Requirements: The IAO has not ensured that site WMAN systems implement strong authentication from the User or WMAN subscriber device to WMAN network. -For tactical or commercial WMAN systems operated in a non-tactical environment: User ID and password or shared secret authentication shall be implemented between the User or WMAN subscriber device to the WMAN network. When user ID and password are used, the complexity requirements of the password must be compliant with JTF-GNO CTO 07-15Rev1: --Password complexity is a case sensitive mixture of upper case letters, lower case letters, special characters, and numbers, including at least one of each. Check Procedures: - For non-tactical WMAN systems, verify the system uses either User ID and password or shared secret authentication between the User or WMAN subscriber device (respectively) to the WMAN network. If User ID and password is used, verify the password meets the complexity requirements of CTO 07-15Rev1. Have the system administrator show the password complexity settings in the management console of the WMAN access point. Mark as a finding if the requirements are not met.

Check Text ( C-25554r1_chk )

Detailed Policy Requirements:

The IAO has not ensured that site WMAN systems implement strong authentication from the User or WMAN subscriber device to WMAN network.

-For tactical or commercial WMAN systems operated in a non-tactical environment: User ID and
password or shared secret authentication shall be implemented between the User or WMAN
subscriber device to the WMAN network. When user ID and password are used, the complexity requirements of the password must be compliant with JTF-GNO CTO 07-15Rev1:
--Password complexity is a case sensitive mixture of upper case letters, lower case letters, special characters, and numbers, including at least one of each.

Check Procedures:

- For non-tactical WMAN systems, verify the system uses either User ID and password or shared secret authentication between the User or WMAN subscriber device (respectively) to the WMAN network.

If User ID and password is used, verify the password meets the complexity requirements of CTO 07-15Rev1. Have the system administrator show the password complexity settings in the management console of the WMAN access point. Mark as a finding if the requirements are not met.

Fix Text (F-20573r6_fix)
Comply with requirement.