STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Anduril NixOS Security Technical Implementation Guide

V-268146

CAT I (High)

NixOS must protect wireless access to and from the system using encryption.

Rule ID

SV-268146r1131093_rule

STIG

Anduril NixOS Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001444, CCI-002418

Discussion

Allowing devices and users to connect to or from the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Since wireless communications can be intercepted, it is necessary to use encryption to protect the confidentiality of information in transit. Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication. This requirement applies to those operating systems that control wireless devices. Satisfies: SRG-OS-000299-GPOS-00117, SRG-OS-000481-GPOS-00481

Check Content

Verify NixOS disables wireless adapters by running the following command: 

$ grep -R networking.wireless /etc/nixos/

 /etc/nixos/configuratino.nix:networking.wireless.enable = false;

If " networking.wireless.enable", does not equal false, is missing, or is commented out, this is a finding.

Fix Text

Configure the audit service to disable wireless interfaces.

Add the following Nix code to the NixOS Configuration, usually located in /etc/nixos/configuration.nix or /etc/nixos/flake.nix:

 networking.wireless.enable = false;

Rebuild and switch to the new NixOS configuration:
$ sudo nixos-rebuild switch