STIGQter: STIG Summary: WLAN Controller Security Technical Implementation Guide (STIG), Version: 6, Release: 15, Benchmark Date: 26 Apr 2019

WLAN EAP-TLS implementation must use certificate-based PKI authentication to connect to DoD networks.

DISA Rule

SV-39895r3_rule

Vulnerability Number

V-30257

Group Title

WLAN DoD authentication

Rule Version

WIR0116

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Integrate certificate-based PKI authentication into the WLAN authentication process.

Check Contents

Detailed Policy Requirements:

Certificate-based PKI authentication must be used to connect WLAN client devices to DoD networks. The certificate-based PKI authentication should directly support the WLAN EAP-TLS implementation.
At least one layer of user authentication must enforce network authentication requirements (e.g., CAC authentication) before the user is able to access DoD information resources.

Check Procedures:

Interview the site ISSO and SA. Determine if the site’s network is configured to require certificate-based PKI authentication before a WLAN user is connected to the network. If certificate-based PKI authentication is not required prior to a DoD WLAN user accessing the DoD network, this is a finding.
Note: This check does not apply to medical devices. Medical devices are permitted to connect to the WLAN using pre-shared keys.

Documentable

False

Severity Override Guidance

Detailed Policy Requirements:

Certificate-based PKI authentication must be used to connect WLAN client devices to DoD networks. The certificate-based PKI authentication should directly support the WLAN EAP-TLS implementation.
At least one layer of user authentication must enforce network authentication requirements (e.g., CAC authentication) before the user is able to access DoD information resources.

Check Procedures:

Interview the site ISSO and SA. Determine if the site’s network is configured to require certificate-based PKI authentication before a WLAN user is connected to the network. If certificate-based PKI authentication is not required prior to a DoD WLAN user accessing the DoD network, this is a finding.
Note: This check does not apply to medical devices. Medical devices are permitted to connect to the WLAN using pre-shared keys.

Check Content Reference

M

Responsibility

System Administrator

Target Key

1538

Comments