AOS must protect wireless access to the network using authentication of users and/or devices.

Allowing devices and users to connect to the system without first authenticating them allows untrusted access and can lead to a compromise or attack. The security boundary of a wireless local area network (WLAN) extends from the client device to the network boundary where network access is controlled. This boundary represents the portion of the network most vulnerable to attack and must be protected. Within this boundary there must be two distinct, but related, security protection mechanisms: authentication and data-in-transit encryption. These protections ensure access control and protection from eavesdropping for both the WLAN system and the DOD network enclave. Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., Extensible Authentication Protocol (EAP)/Transport Layer Security (TLS) and Protected EAP [PEAP]), which provide credential protection and mutual authentication. Satisfies: SRG-NET-000069, SRG-NET-000070