Title

Site WMAN systems must implement strong authentication from the user or WMAN subscriber device to WMAN network. (Cat II impact)

Discussion

Broadband systems not compliant with authentication requirements could allow a hacker to gain access to the DoD network.

Check Content

Detailed Policy Requirements: The site WMAN systems must implement strong authentication from the User or WMAN subscriber device to WMAN network. -For tactical or commercial WMAN systems operated in a non-tactical environment: User ID and password or shared secret authentication shall be implemented between the user or WMAN subscriber device to the WMAN network. When user ID/Password are used, the length requirements of the password must be compliant with JTF-GNO CTO 07-15Rev1: o 15 character password length (or the maximum length supported by the system if a 15 character password is not supported). Check Procedures: For non-tactical WMAN systems, verify the system uses either User ID and password or shared secret authentication between the User or WMAN subscriber device (respectively) to the WMAN network. If User ID and password is used, verify the password meets the length requirements of CTO 07-15Rev1. Mark as a finding if the password length requirements are not met.

Fix Text

Comply with requirement.

Additional Identifiers

Rule ID: SV-22073r1_rule

Vulnerability ID: V-19903

Group Title: WMAN authentication - Subscriber to Network

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.