STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

HPE Aruba Networking AOS Wireless Security Technical Implementation Guide

Version: V1R2
Release Date: Feb 25, 2026
SCAP Benchmark ID: HPE_Aruba_AOS_Wireless_STIG
Total Checks: 14
Tags: network
CAT I: 0, CAT II: 13, CAT III: 1

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Checks (14)

  • V-266557 (MEDIUM): AOS must use Transport Layer Security (TLS) 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.
  • V-266559 (MEDIUM): AOS must protect wireless access to the network using authentication of users and/or devices.
  • V-266560 (MEDIUM): The network element must protect wireless access to the system using Federal Information Processing Standard (FIPS)-validated Advanced Encryption Standard (AES) block cipher algorithms with an approved confidentiality mode.
  • V-266577 (MEDIUM): AOS must be configured to disable nonessential capabilities.
  • V-266591 (MEDIUM): AOS must manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks.
  • V-266627 (MEDIUM): AOS must require devices to reauthenticate when organization-defined circumstances or situations requiring reauthentication.
  • V-266632 (MEDIUM): The network element must authenticate all network-connected endpoint devices before establishing any connection.
  • V-266639 (MEDIUM): AOS must use cryptographic algorithms approved by the National Security Agency (NSA) to protect national security systems (NSS) when transporting classified traffic across an unclassified network.
  • V-266644 (MEDIUM): AOS, in conjunction with a remote device, must prevent the device from simultaneously establishing nonremote connections with the system and communicating via some other connection to resources in external networks.
  • V-266703 (MEDIUM): When AOS is used as a wireless local area network (WLAN) controller, WLAN Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) implementation must use certificate-based public key infrastructure (PKI) authentication to connect to DOD networks.
  • V-266704 (MEDIUM): The site must conduct continuous wireless Intrusion Detection System (IDS) scanning.
  • V-266705 (MEDIUM): AOS, when configured as a WLAN bridge, must not be configured to have any feature enabled that calls home to the vendor.
  • V-266707 (MEDIUM): AOS, when used as a WLAN bridge or controller, must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.
  • V-266708 (LOW): AOS wireless local area network (WLAN) service set identifiers (SSIDs) must be changed from the manufacturer's default to a pseudo random word that does not identify the unit, base, organization, etc.