WMAN Subscriber Security Technical Implementation Guide (STIG)

This STIG contains the technical security controls for the operation of a WMAN Subscriber in the DoD environment.

Details

Version / Release: V6R8

Published: 2014-03-18

Updated At: 2018-09-23 13:38:37


| Rule | Version | Severity | Title | Description |
|---|---|---|---|---|
| SV-3512r1_rule | WIR0235 | HIGH | NSA Type1 products and required procedures must be used to protect classified data at rest (DAR) on wireless devices used on a classified WLAN or WMAN. | NSA Type 1 products provide a high level of assurance that cryptography is implemented correctly and meets the standards for storage of classified information. Use of cryptography that is not Type 1 certified violates policy and increases the risk that c |
| SV-14613r2_rule | WIR0170 | MEDIUM | A device’s wired network interfaces (e.g., Ethernet) must be disconnected or otherwise disabled when wireless connections are in use. | If a client device supports simultaneous use of wireless and wired connections, then this increases the probability that an adversary who can access the device using its wireless interface can then route traffic through the device’s wired interface to a |
| SV-14813r2_rule | WIR0190 | MEDIUM | FIPS 140-2 validated encryption modules must be used to encrypt unclassified sensitive data at rest on the wireless device (e.g., laptop, PDA, smartphone). | If a wireless device is lost or stolen without DAR encryption, sensitive DoD data could be compromised. Most known security breaches of cryptography result from improper implementation, not flaws in the cryptographic algorithms themselves. FIPS 140-2 v |
| SV-14818r1_rule | WIR0315-01 | MEDIUM | WMAN systems must require strong authentication from the user or WMAN subscriber device to WMAN network. | Broadband systems not compliant with authentication requirements could allow a hacker to gain access to the DoD network. Information Assurance Officer. ECSC-1, ECWN-1 |
| SV-20153r1_rule | WIR0320 | MEDIUM | When a WMAN system is implemented, the network enclave must enforce strong authentication from user to DoD enclave (wired network). For “User to Enclave” authentication, the enclave must enforce network authentication requirements found in USCYBERCOM CTO 07-15Rev1 (or subsequent updates) (e.g. CAC authentication). Note: User authentication to the enclave must be a separate process from authentication to the WMAN system. If the WMAN vendor implements CAC authentication for the User or WMAN subscribe | Without strong user authentication to the network a hacker may be able to gain access. ECWN-1 |
| SV-20154r1_rule | WIR0325 | MEDIUM | Site WMAN systems that transmit unclassified data must implement required data encryption controls. | Sensitive DoD data could be exposed to a hacker. Information Assurance Officer. ECWN-1 |
| SV-20156r1_rule | WIR0330 | HIGH | A WMAN system transmitting classified data must implement required data encryption controls. | If not compliant, classified data could be compromised. Information Assurance Officer. ECWN-1 |
| SV-22073r1_rule | WIR0315-02 | MEDIUM | Site WMAN systems must implement strong authentication from the user or WMAN subscriber device to WMAN network. | Broadband systems not compliant with authentication requirements could allow a hacker to gain access to the DoD network. System Administrator, Information Assurance Officer. ECSC-1, ECWN-1 |
| SV-22074r1_rule | WIR0315-03 | MEDIUM | Site WMAN systems must implement strong authentication from the user or WMAN subscriber device to WMAN network. | Broadband systems not compliant with authentication requirements could allow a hacker to gain access to the DoD network. System Administrator, Information Assurance Officer. ECSC-1, ECWN-1 |