HPE Aruba Networking AOS Wireless Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
SRG-NET-000205
Group
SRG-NET-000512
Group
AOS wireless local area network (WLAN) service set identifiers (SSIDs) must be changed from the manufacturer's default to a pseudo random word that does not identify the unit, base, organization, etc.
An SSID that identifies the unit, site, or purpose of the WLAN or is set to the manufacturer default may cause an operational security vulnerability.
Rule, Low Severity
AOS must use Transport Layer Security (TLS) 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.
Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and unknown attacks that exploit vulnerabilities in this protocol. This requ...
Rule, Medium Severity
AOS must be configured to disable nonessential capabilities.
It is detrimental for network elements to provide, or enable by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked ...
Rule, Medium Severity
AOS must use cryptographic algorithms approved by the National Security Agency (NSA) to protect national security systems (NSS) when transporting classified traffic across an unclassified network.
Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. National Institute of Standards and Technology (NIST) cryptographic algorithms are approv...
Rule, Medium Severity
When AOS is used as a wireless local area network (WLAN) controller, WLAN Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) implementation must use certificate-based public key infrastructure (PKI) authentication to connect to DOD networks.
DOD certificate-based PKI authentication is strong, two-factor authentication that relies on carefully evaluated cryptographic modules. Implementations of EAP-TLS that are not integrated with certi...
Rule, Medium Severity
AOS, when used as a WLAN bridge or controller, must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.
The OOBM access switch will connect to the management interface of the managed network elements. The management interface can be a true OOBM interface or a standard interface functioning as the man...
Rule, Medium Severity