Check: WIR0320
WMAN Subscriber STIG (STIG):
WIR0320
(in version v6 r8)
Title
When a WMAN system is implemented, the network enclave must enforce strong authentication from user to DoD enclave (wired network). For “User to Enclave” authentication, the enclave must enforce network authentication requirements found in USCYBERCOM CTO 07-15Rev1 (or subsequent updates) (e.g. CAC authentication). Note: User authentication to the enclave must be a separate process from authentication to the WMAN system. If the WMAN vendor implements CAC authentication for the User or WMAN subscriber device to WMAN network, the user may only need to enter their PIN once to authenticate to both the WMAN system and the enclave. (Cat II impact)
Discussion
Without strong user authentication to the network a hacker may be able to gain access.
Check Content
Interview the IAO and network system administrator to determine if the site’s network is configured to require CAC authentication before a WMAN user is connected to the network. If possible, have a user set up a WMAN connection and verify the user is required to CAC authenticate before they gain access to the local network. Mark as a finding if a WMAN user is not required to CAC authenticate to the network prior to gaining network access.
Fix Text
Comply with policy.
Additional Identifiers
Rule ID: SV-20153r1_rule
Vulnerability ID: V-18602
Group Title: WMAN authentication - User to Enclave
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |