The password configured on the WLAN Access Point for key generation and client access must be set to a 14 character or longer complex password as required by USCYBERCOM CTO 07-15Rev1.

From WLAN Access Point (Internet Gateway Only Connection) Security Technical Implementation Guide (STIG)

Part of WLAN Access Point passcode

SV-31427r2_rule The password configured on the WLAN Access Point for key generation and client access must be set to a 14 character or longer complex password as required by USCYBERCOM CTO 07-15Rev1.

Vulnerability discussion

If the organization does not use a strong passcode for client access, then it is significantly more likely that an adversary will be able to obtain it. Once this occurs, the adversary may be able to obtain full network access, obtain DoD sensitive information, and attack other DoD information systems.

Check content

This check only applies to access points that do not use an AAA (RADIUS) server for authentication services. In most cases, this means the access point is configured for WPA2 (Personal), which relies on password authentication, and not WPA2 (Enterprise), which uses an AAA server to authenticate each user based on that user’s authentication credentials.

Verify the client authentication password has been set on the access point with the following settings:

- 14 characters or longer.
- The authentication password selected must be comprised of at least two of each of the following: upper case letter, lower case letter, number, and special character.

The procedure for verifying these settings varies between AP models. Have the SA show the settings in the AP management console.
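An SA can test a candidate passphrase against the two settings above before entering it on the AP. The following is an added example, not part of the STIG. It assumes "special character" means ASCII punctuation, and it also enforces the IEEE 802.11 limits for a WPA2 (Personal) passphrase (printable ASCII, at most 63 characters), which the check text does not mention. The function name and sample passphrases are constructed for illustration.

```python
import string

MIN_LENGTH = 14            # from the check content
MIN_PER_CLASS = 2          # "at least two of each" character class
WPA2_MAX_PASSPHRASE = 63   # IEEE 802.11 limit for an ASCII passphrase (not in the STIG)

# Assumption: "special character" is taken to mean ASCII punctuation.
CLASSES = {
    "upper case letter": string.ascii_uppercase,
    "lower case letter": string.ascii_lowercase,
    "number": string.digits,
    "special character": string.punctuation,
}


def check_passphrase(passphrase):
    """Return a list of findings; an empty list means the passphrase passes."""
    findings = []
    if len(passphrase) < MIN_LENGTH:
        findings.append(f"length {len(passphrase)} is below {MIN_LENGTH}")
    if len(passphrase) > WPA2_MAX_PASSPHRASE:
        findings.append(f"length {len(passphrase)} exceeds WPA2 limit of {WPA2_MAX_PASSPHRASE}")
    # Characters outside 0x20-0x7E may be rejected or encoded
    # inconsistently between the AP and its clients.
    if any(not (0x20 <= ord(ch) <= 0x7E) for ch in passphrase):
        findings.append("contains characters outside printable ASCII")
    for name, alphabet in CLASSES.items():
        count = sum(ch in alphabet for ch in passphrase)
        if count < MIN_PER_CLASS:
            findings.append(f"only {count} {name}(s), need {MIN_PER_CLASS}")
    return findings


if __name__ == "__main__":
    # Constructed sample passphrases; never reuse these on a real AP.
    for sample in ("Tr4il-Mix_9cUps", "Password1!", "aaaaaaaaaaaaaaaa"):
        results = check_passphrase(sample)
        status = "PASS" if not results else "FAIL: " + "; ".join(results)
        print(f"{sample!r}: {status}")
```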

Fix text

The key generation password configured on the WLAN Access Point must be set to a 14-character or longer complex password on access points that do not use AAA servers for authentication.
