Network WLAN Bridge Platform Security Technical Implementation Guide

Quick Actions

We are continuing to improve Stigviewer and we are planning on rolling out new services in the near future. Would you like to be part of the conversation on what those features should be? If so, click here.

Featured Partners

Web page built by Cyber Protection Services

Check out our new AI-powered GRC tool here .
Compliance Dictionary

Standardizes and unifies compliance terms.

Overview

Version	Date	Finding Count (6)			Downloads
7	2023-02-13	CAT I (High): 0	CAT II (Medium): 5	CAT III (Low): 1	Excel JSON XML

Stig Description

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Critical Classified	II - Mission Critical Public	II - Mission Critical Sensitive	III - Mission Critical Classified	III - Mission Critical Public	III - Mission Critical Sensitive

Findings - All

Finding ID	Severity	Title	Description
V-243232	Medium	The network device must not be configured to have any feature enabled that calls home to the vendor.	Call-home services will routinely send data such as configuration and diagnostic information to the vendor for routine or emergency analysis and troubleshooting. There is a risk that transmission of sensitive data sent to unauthorized persons could result in data loss or downtime due to an attack. (See SRG-NET-000131-RTR-000083.)
V-243231	Medium	The network device must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.	The OOBM access switch will connect to the management interface of the managed network elements. The management interface can be a true OOBM interface or a standard interface functioning as the management interface. In either case, the management interface of the managed network element will be directly connected to the...
V-243230	Medium	Wireless access points and bridges must be placed in dedicated subnets outside the enclave's perimeter.	If an adversary is able to compromise an access point or controller that is directly connected to an enclave network, the adversary can easily surveil and attack other devices from that beachhead. A defense-in-depth approach requires an additional layer of protection between the WLAN and the enclave network. This is...
V-243229	Medium	WLAN components must be FIPS 140-2 or FIPS 140-3 certified and configured to operate in FIPS mode.	If the DoD WLAN components (WLAN AP, controller, or client) are not NIST FIPS 140-2/FIPS 140-3 (Cryptographic Module Validation Program, CMVP) certified, the WLAN system may not adequately protect sensitive unclassified DoD data from compromise during transmission.
V-243228	Medium	WLAN components must be Wi-Fi Alliance certified with WPA2 or WPA3.	Wi-Fi Alliance certification ensures compliance with DoD interoperability requirements between various WLAN products.
V-243227	Low	WLAN SSIDs must be changed from the manufacturer's default to a pseudo random word that does not identify the unit, base, organization, etc.	An SSID identifying the unit, site, or purpose of the WLAN or that is set to the manufacturer default may cause an OPSEC vulnerability.

STIG VIEWER