Free DISA STIG and SRG Library | Vaulted

V-4636

A Secure WLAN (SWLAN) must conform to an approved network architecture.

Finding ID: WIR0210
Rule ID: SV-4636r1_rule
Severity: Cat I
CCE: (None)
Group Title: SWLAN architecture
CCI: (None)
Target Key: (None)
Documentable: No
Discussion

Approved network architectures have been assessed for IA risk. Non-approved architectures provide less assurance than approved architectures because they have not undergone the same level of evaluation.

Fix Text

Disable or remove the non-compliant SWLAN or reconfigure it to conform to one of the approved architectures.

Check Content

Detailed Policy Requirements:

The SWLAN architecture conforms to one of the approved configurations:

LAN Extension: This architecture provides wireless access to the wired infrastructure using a Harris SecNet 11/54 or L3 KOV-26 Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 2.2 in the DISA FSO Wireless Overview for an example of the LAN Extension architecture.

Wireless Bridging: This architecture provides point-to-point bridging using Harris SecNet 11/54 or Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 2.3 in the DISA FSO Wireless Overview for an example of the Wireless Bridging architecture.

Wireless Peer-to-Peer: This architecture provides point-to-point communications between wireless clients using Harris SecNet 11/54 or Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 3.2 in the DISA FSO Wireless Overview for an example of the Wireless Peer-to-Peer architecture.

Check Procedures:

Interview the SA or IAO to obtain SWLAN network diagrams. Review the SWLAN architecture and ensure it conforms to one of the approved use cases.

Responsibility

Information Assurance Officer

IA Controls

ECSC-1, ECWN-1