Check: WIR0330
WMAN Access Point STIG (STIG):
WIR0330
(in versions v6 r13 through v6 r11)
Title
A WMAN system transmitting classified data must implement required data encryption controls. (Cat I impact)
Discussion
If not compliant, classified data could be compromised.
Check Content
Detailed Policy Requirements: Site WMAN systems that transmit classified data must implement the following data encryption controls: - The WMAN system must implement FIPS 140-2 validated encryption to protect the ISO OSI Layer 2 radio data frames. The WMAN system will be configured for AES-CCM encryption, if supported by the WMAN system. (Not required for classified WMAN bridges.) - The WMAN system must implement NSA Type 1 certified High Assurance Internet Protocol Encryptor (HAIPE) encryption, other NSA Type 1 certified encryption, or NSA approved Suite B overlay encryption at ISO OSI Layer 3 to protect data being transmitted. Check Procedures: Review the WMAN product specification sheets. - Verify FIPS 140-2 validated encryption is being used at OSI Layer 2 to protect the radio data frames. - Determine if the system supports AES-CCM encryption. If yes, verify the system has been configured for AES-CCM encryption. - Verify NSA Type 1 certified High Assurance Internet Protocol Encryptor (HAIPE) encryption, other NSA Type 1 certified encryption, or NSA approved Suite B overlay encryption is being used at OSI Layer 3 to protect data being transmitted. Mark as a finding if any of these requirements have not been met.
Fix Text
Comply with policy.
Additional Identifiers
Rule ID: SV-20156r1_rule
Vulnerability ID: V-18604
Group Title: Classified WMAN encryption compliant
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |