The WLAN access point must be configured for Wi-Fi Alliance WPA2 or WPA3 security.

An XCCDF Rule

Description

<VulnDiscussion>The Wi-Fi Alliance's WPA2/WPA3 certification provides assurance that the device has adequate security functionality and can implement the IEEE 802.11i standard for robust security networks. The previous version of the Wi-Fi Alliance certification, WPA, did not require AES encryption, which must be supported for DoD WLAN implementations. Devices without any WPA certification likely do not support required security functionality and could be vulnerable to a wide range of attacks.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-243212r720091_rule
Severity: Medium
References: CCI-001453
Updated: 9 months ago

Configure the access point for WPA2 (or WPA3) authentication, confidentiality, and integrity services. 

In the case of WPA2 (Personal), this action will require the selection of a strong passcode or passphrase. 

In the case of WPA2 (Enterprise), this action will require the organization to deploy RADIUS or equivalent authentication services on a separate server.
In cases in which the access point does not support WPA2/WPA3, the organization will need to procure new equipment.

The WLAN access point must be configured for Wi-Fi Alliance WPA2 or WPA3 security.

Description

Remediation - Manual Procedure