STIGQter: STIG Summary: WLAN Access Point (Internet Gateway Only Connection) Security Technical Implementation Guide (STIG) Version: 6 Release: 14 Benchmark Date: 27 Apr 2018:

The password configured on the WLAN Access Point for key generation and client access must be set to a 14 character or longer complex password as required by USCYBERCOM CTO 07-15Rev1.

DISA Rule

SV-31427r2_rule

Vulnerability Number

V-25316

Group Title

WLAN Access Point passcode

Rule Version

WIR0122

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

The key generation password configured on the WLAN Access Point must be set to a 14-character or longer complex password on access points that do not use AAA servers for authentication.

Check Contents

This check only applies to access points that do not use an AAA (RADIUS) server for authentication services. In most cases, this means the access point is configured for WPA2 (Personal), which relies on password authentication, and not WPA2 (Enterprise) which uses an AAA server to authenticate each user based on that user’s authentication credentials.
Verify the client authentication password has been set on the access point with the following settings:

-14 characters or longer.
-The authentication password selected must be comprised of at least two of each of the following: upper case letter, lower case letter, number, and special character.

The procedure for verifying these settings varies between AP models. Have the SA show the settings in the AP management console.

Vulnerability Number

V-25316

Documentable

False

Rule Version

WIR0122

Severity Override Guidance

This check only applies to access points that do not use an AAA (RADIUS) server for authentication services. In most cases, this means the access point is configured for WPA2 (Personal), which relies on password authentication, and not WPA2 (Enterprise) which uses an AAA server to authenticate each user based on that user’s authentication credentials.
Verify the client authentication password has been set on the access point with the following settings:

-14 characters or longer.
-The authentication password selected must be comprised of at least two of each of the following: upper case letter, lower case letter, number, and special character.

The procedure for verifying these settings varies between AP models. Have the SA show the settings in the AP management console.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

545

Comments