Free DISA STIG and SRG Library | Vaulted

V-4636

A Secure WLAN (SWLAN) must conform to an approved network architecture.

Finding ID
WIR0210
Rule ID
SV-4636r1_rule
Severity
Cat I
CCE
(None)
Group Title
SWLAN architecture
CCI
(None)
Target Key
(None)
Documentable
No
Discussion

Approved network architectures have been assessed for IA risk. Non-approved architectures provide less assurance than approved architectures because they have not undergone the same level of evaluation.

Fix Text

Disable or remove the non-compliant SWLAN or reconfigure it to conform to one of the approved architectures.

Check Content

Detailed Policy Requirements: The SWLAN architecture conforms to one of the approved configurations: LAN Extension: This architecture provides wireless access to the wired infrastructure using a Harris SecNet 11/ 54 or L3 KOV-26 Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 2.2 in the DISA FSO Wireless Overview for an example of the LAN Extension architecture. Wireless Bridging: This architecture provides point-to-point bridging using Harris SecNet 11/ 54 or Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 2.3 in the DISA FSO Wireless Overview for an example of the Wireless Bridging architecture. Wireless Peer-to-Peer: This architecture provides point-to-point communications between wireless clients using Harris SecNet 11/ 54 or Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 3.2 in the DISA FSO Wireless Overview for an example of the Wireless Peer-to-Peer architecture. Check Procedures: Interview the SA or IAO to obtain SWLAN network diagrams. Review the SWLAN architecture and ensure it conforms to one of the approved use cases.

Responsibility

Information Assurance Officer