From WLAN Access Point (Enclave-NIPRNet Connected) Security Technical Implementation Guide (STIG)
Part of Transmitted WLAN AES-CCMP
Associated with IA controls: ECWN-1, ECSC-1
AES-CCMP provides all required WLAN security services for data in transit. The other encryption protocol available for IEEE 802.11i compliant robust security networks and WPA2 certified solutions is the Temporal Key Integrity Protocol (TKIP). TKIP relies on the RC4 cipher, which has known vulnerabilities. Some WLANs also rely on Wireless Equivalent Privacy (WEP), which also uses RC4, and is easily cracked in minutes on active WLANs. Use of protocols other than AES-CCMP places DoD WLANs at greater risk of security breaches than other available approaches.
Detailed Policy requirements: Encryption requirements for data in transit: - The WLAN infrastructure (e.g., access point, bridge, or WLAN controller) and WLAN client device must be configured to use the AES-CCMP encryption protocol. Check procedures: - Interview IAO and review WLAN system documentation. - Determine if the WLAN network and client components encryption setting has been configured to use the AES-CCMP encryption protocol and no others. - Mark as a finding if the WLAN is configured to support any encryption protocol other than AES-CCMP, even if AES-CCMP is one of several supported options.
Implement AES-CCMP to protect data in transit. Deactivate encryption protocols other than AES-CCMP.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer