STIGQter: STIG Summary: WLAN Controller Security Technical Implementation Guide (STIG) Version: 6 Release: 15 Benchmark Date: 26 Apr 2019:

WLAN must use EAP-TLS.

DISA Rule

SV-3692r3_rule

Vulnerability Number

V-3692

Group Title

WLAN EAP authentication

Rule Version

WIR0115-01

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Change the WLAN configuration so it supports EAP-TLS, implementing supporting PKI and AAA infrastructure as necessary. If the WLAN equipment is not capable of supporting EAP-TLS, procure new equipment capable of such support.

Check Contents

Note: If the equipment is WPA2/WPA3 certified, then it is capable of supporting this requirement.

Review the WLAN equipment configuration to check EAP-TLS is actively used and no other methods are enabled.

If EAP-TLS is not used or if the WLAN system allows users to connect with other methods, this is a finding.

Vulnerability Number

V-3692

Documentable

False

Rule Version

WIR0115-01

Severity Override Guidance

Note: If the equipment is WPA2/WPA3 certified, then it is capable of supporting this requirement.

Review the WLAN equipment configuration to check EAP-TLS is actively used and no other methods are enabled.

If EAP-TLS is not used or if the WLAN system allows users to connect with other methods, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1538

Comments