Skip to content
Log In

Network WLAN AP-NIPR Platform Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-NET-000383

    Group
    Show

  • The site must conduct continuous wireless Intrusion Detection System (IDS) scanning.

    DoD networks are at risk and DoD data could be compromised if wireless scanning is not conducted to identify unauthorized WLAN clients and access points connected to or attempting to connect to the...
    Rule Medium Severity
    Show

  • WLAN must use EAP-TLS.

    EAP-TLS provides strong cryptographic mutual authentication and key distribution services not found in other EAP methods, and thus provides significantly more protection against attacks than other ...
    Rule Medium Severity
    Show

  • WLAN EAP-TLS implementation must use certificate-based PKI authentication to connect to DoD networks.

    DoD certificate-based PKI authentication is strong, two-factor authentication that relies on carefully evaluated cryptographic modules. Implementations of EAP-TLS that are not integrated with certi...
    Rule Medium Severity
    Show

  • Wireless access points and bridges must be placed in dedicated subnets outside the enclave's perimeter.

    If an adversary is able to compromise an access point or controller that is directly connected to an enclave network, the adversary can easily surveil and attack other devices from that beachhead. ...
    Rule Medium Severity
    Show

  • SRG-NET-000512

    Group
    Show

  • WLAN SSIDs must be changed from the manufacturer's default to a pseudo random word that does not identify the unit, base, organization, etc.

    An SSID identifying the unit, site, or purpose of the WLAN or that is set to the manufacturer default may cause an OPSEC vulnerability.
    Rule Low Severity
    Show

  • SRG-NET-000514

    Group
    Show

  • The WLAN inactive/idle session timeout must be set for 30 minutes or less.

    A WLAN session that never terminates due to inactivity may allow an opening for an adversary to highjack the session to obtain access to the network.
    Rule Medium Severity
    Show

  • SRG-NET-000063

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules