The WLAN access point must be configured for Wi-Fi Alliance WPA2 or WPA3 security. (Cat II impact)
The Wi-Fi Alliance's WPA2/WPA3 certification provides assurance that the device has adequate security functionality and can implement the IEEE 802.11i standard for robust security networks. The previous version of the Wi-Fi Alliance certification, WPA, did not require AES encryption, which must be supported for DoD WLAN implementations. Devices without any WPA certification likely do not support required security functionality and could be vulnerable to a wide range of attacks.
Verify the access point is configured for either WPA2/WPA3 (Enterprise) or WPA2/WPA3 (Personal) authentication. The procedure for performing this review will vary depending on the AP model. Have the SA show the configuration setting. If the access point is not configured with either WPA2 or WPA3 security, this is finding.
Configure the access point for WPA2 (or WPA3) authentication, confidentiality, and integrity services. In the case of WPA2 (Personal), this action will require the selection of a strong passcode or passphrase. In the case of WPA2 (Enterprise), this action will require the organization to deploy RADIUS or equivalent authentication services on a separate server. In cases in which the access point does not support WPA2/WPA3, the organization will need to procure new equipment.
Rule ID: SV-243212r720091_rule
Vulnerability ID: V-243212
Group Title: SRG-NET-000063
The information system implements cryptographic mechanisms to protect the integrity of remote access sessions.
Protection Of Confidentiality / Integrity Using Encryption