Title

The organization must only procure and deploy WPA2-Enterprise certified WLAN equipment and software for wireless systems that connect directly to DoD networks. (Cat II impact)

Discussion

The Wi-Fi Alliance WPA2-Enterprise certification means the WLAN equipment can support DoD security protocol and encryption requirements, most notably EAP-TLS and AES-CCMP. If the equipment has not been WPA-Enterprise certified, the equipment may not have the required security functionality to adequately protect DoD networks and information.

Check Content

Review the WLAN system product documentation (specification sheet, administration manual, etc.). Verify the system is WPA2-Enterprise certified. If the system is not WPA2-Enterprise certified, this is a finding. Note that WPA is the precursor certification to WPA2 and is not sufficient.

Fix Text

Update all WLAN equipment and software to WPA2-Enterprise certified for wireless systems that connect directly to DoD networks.

Additional Identifiers

Rule ID:

Vulnerability ID: V-35942

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.