STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

Network WLAN AP-IG Management Security Technical Implementation Guide

Version

V7R2

Release Date

Sep 13, 2023

SCAP Benchmark ID

Network_WLAN_AP-IG_Mgmt_STIG

Total Checks

19

Tags

network
CAT I: 6CAT II: 13CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (19)

V-243134MEDIUMThe password configured on the WLAN access point for key generation and client access must be set to a 15-character or longer complex password as required by USCYBERCOM CTO 07-15 Rev1.V-243135MEDIUMThe network device must enforce a minimum 15-character password length.V-243136MEDIUMThe network device must not have any default manufacturer passwords when deployed.V-243137MEDIUMThe network device must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.V-243138HIGHThe network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.V-243139MEDIUMThe network device must be configured to authenticate each administrator prior to authorizing privileges based on assignment of group or role.V-243140HIGHThe network device must enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level in accordance with applicable policy for the device.V-243141HIGHThe network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.V-243142MEDIUMThe network device must generate audit records when successful/unsuccessful logon attempts occur.V-243143HIGHThe network device must be running an operating system release that is currently supported by the vendor.V-243144HIGHThe network device must be configured to use an authentication server to authenticate users prior to granting administrative access.V-243145MEDIUMThe network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).V-243146MEDIUMThe network device must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.V-243147MEDIUMThe network device must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.V-243148HIGHThe network device must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services.V-243149MEDIUMThe network device must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.V-243150MEDIUMThe network device must implement replay-resistant authentication mechanisms for network access to privileged accounts.V-243151MEDIUMThe network device must be configured with both an ingress and egress ACL.V-243152MEDIUMThe network device must be configured to synchronize internal information system clocks using redundant authoritative time sources.