STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

Network WLAN AP-IG Platform Security Technical Implementation Guide

Version

V7R3

Release Date

Feb 13, 2023

SCAP Benchmark ID

Network_WLAN_AP-IG_Platform_STIG

Total Checks

9

Tags

network
CAT I: 0CAT II: 7CAT III: 2

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSON

Checks (9)

V-243207LOWWLAN SSIDs must be changed from the manufacturer's default to a pseudo random word that does not identify the unit, base, organization, etc.V-243208MEDIUMThe WLAN inactive/idle session timeout must be set for 30 minutes or less.V-243209MEDIUMWLAN components must be Wi-Fi Alliance certified with WPA2 or WPA3.V-243210MEDIUMWLAN components must be FIPS 140-2 or FIPS 140-3 certified and configured to operate in FIPS mode.V-243211LOWWLAN signals must not be intercepted outside areas authorized for WLAN access.V-243212MEDIUMThe WLAN access point must be configured for Wi-Fi Alliance WPA2 or WPA3 security.V-243213MEDIUMDoD Components providing guest WLAN access (internet access only) must use separate WLAN or logical segmentation of the enterprise WLAN (e.g., separate service set identifier [SSID] and virtual LAN) or DoD network.V-243214MEDIUMThe network device must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.V-243215MEDIUMThe network device must not be configured to have any feature enabled that calls home to the vendor.