From WLAN Access Point (Enclave-NIPRNet Connected) Security Technical Implementation Guide (STIG)
Part of WLAN EAP authentication
Associated with IA controls: ECWN-1, ECSC-1
EAP-TLS provides strong cryptographic mutual authentication and key distribution services not found in other EAP methods, and thus provides significantly more protection against attacks than other methods. Additionally, EAP-TLS supports two-factor user authentication on the WLAN client, which provides significantly more protection than methods that rely on a password or certificate alone. EAP-TLS also can leverage DoD CAC in its authentication services, providing additional security and convenience.
NOTE: If the equipment is WPA2 certified, then it is capable of supporting this requirement. Review the WLAN equipment configuration to check EAP-TLS is actively used and no other methods are enabled. Mark as a finding if either EAP-TLS is not used or if the WLAN system allows users to connect with other methods. Note: DoDI 8420.01 provides the capability for the DAA to grant limited exceptions to this requirement.
Change the WLAN configuration so it supports EAP-TLS, implementing supporting PKI and AAA infrastructure as necessary. If the WLAN equipment is not capable of supporting EAP-TLS, procure new equipment capable of such support.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer