DoD STIGs – V-32455

Overview:

Title: Applications managing network connections for devices must authenticate devices before establishing wireless network connections by using bidirectional authentication that is cryptographically based.

Vulnerability ID: V-32455

STIG ID:

IA Controls: None

Severity: medium

Description: Device authentication is a solution enabling an organization to manage devices.

It is an additional layer of authentication ensuring only specific pre-authorized devices operated by specific pre-authorized users can access the network.

Device authentication requires unique identification and authentication that may be defined by type, by specific device, or by a combination of type and device, as deemed appropriate by the organization.

The application typically uses either shared known information (e.g., Media Access Control [MAC] or Transmission Control Protocol/Internet Protocol [TCP/IP] addresses) for identification or an organizational authentication solution (e.g., IEEE 802.1x and Extensible Authentication Protocol [EAP], Radius server with EAP-Transport Layer Security [TLS] authentication, Kerberos) to identify and authenticate devices on local and/or wide area networks.

The required strength of the device authentication mechanism is determined by the security categorization of the information system.

Bidirectional authentication provides a means for both connecting parties to mutually authenticate one another and cryptographically based authentication provides a secure means of authenticating without the use of clear text passwords.

This requirement is for applications managing network connections for devices. This requirement is NA for databases.

Check Text: This check is NA for databases.

Fix Text: This fix is NA for databases.

[divider]

Interpreting V-32455:

SQL Server does not directly manage connections on the network in the ways mentioned in this requirements.

Return to the DoD STIGs – Database Security Requirements Guide

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.