Configure key encryption
Summary​
The organization must prefer the use of WPA2 Personal or WPA2 Enterprise (802.1x) key encryption methods.
Description​
WPA2 (Wi-Fi Protected Access 2) is a significant improvement over its predecessor, WPA. WPA2 employs stronger encryption algorithms, making it more resistant to wireless attacks. The implementation of WPA2 Personal or WPA2 Enterprise (802.1x) key encryption methods is an essential method to establish a secure Wi-Fi network. It ensures strong encryption, and robust authentication.
Supported In​
This requirement is verified in following services
| Plan | Supported |
|---|---|
| Essential | 🔴 |
| Advanced | 🟢 |
References​
- OWASP TOP 10-A5. Security misconfiguration
- NY SHIELD Act-5575_B_6. Personal and private information
- NYDFS-500_15. Encryption of nonpublic information
- PA-DSS-2_5. Implement key management processes and procedures for cryptographic keys used for encryption of cardholder data
- PA-DSS-6_1. The wireless technology must be implemented securely
- PA-DSS-6_2. For wireless technology, implement strong encryption for authentication and transmission
- CMMC-AC_L2-3_1_17. Wireless access protection
- CMMC-SC_L1-3_13_1. Boundary protection
- CMMC-SC_L2-3_13_10. Key management
- HITRUST CSF-09_m. Network controls
- ISO/IEC 27002-8_20. Network controls
- OSSTMM3-9_7_4. Wireless security (controls verification) - Integrity
- ISSAF-L_8. Network security - WLAN security (global countermeasures)
- PTES-3_7_1. Identify protection mechanisms - Network based protections
- PTES-6_7_6_1. Exploitation - Proximity access (wifi attacks)
- C2M2-9_5_e. Implement data security for cybersecurity architecture
- PCI DSS-2_3_2. Wireless environments are configured and managed securely
- SIG Core-N_1_12. Network security
- CWEâ„¢-1262. Improper access control for register interface
- ISO/IEC 27001-8_20. Network controls
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.