Network WLAN AP-NIPR Platform Security Technical Implementation Guide

Version: V7R3
Release Date: Feb 13, 2023
SCAP Benchmark ID: Network_WLAN_AP-NIPR_Platform_STIG
Total Checks: 11
Tags: network
CAT I: 0, CAT II: 9, CAT III: 2

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Checks (11)

  • V-243216 (MEDIUM): The site must conduct continuous wireless Intrusion Detection System (IDS) scanning.
  • V-243217 (LOW): WLAN SSIDs must be changed from the manufacturer's default to a pseudo random word that does not identify the unit, base, organization, etc.
  • V-243218 (MEDIUM): The WLAN inactive/idle session timeout must be set for 30 minutes or less.
  • V-243219 (MEDIUM): WLAN components must be Wi-Fi Alliance certified with WPA2 or WPA3.
  • V-243220 (MEDIUM): WLAN must use EAP-TLS.
  • V-243221 (MEDIUM): WLAN components must be FIPS 140-2 or FIPS 140-3 certified and configured to operate in FIPS mode.
  • V-243222 (MEDIUM): WLAN EAP-TLS implementation must use certificate-based PKI authentication to connect to DoD networks.
  • V-243223 (LOW): WLAN signals must not be intercepted outside areas authorized for WLAN access.
  • V-243224 (MEDIUM): Wireless access points and bridges must be placed in dedicated subnets outside the enclave's perimeter.
  • V-243225 (MEDIUM): The network device must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.
  • V-243226 (MEDIUM): The network device must not be configured to have any feature enabled that calls home to the vendor.