Every three years, your DoD network must go through a Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) to ensure STIG requirements are being adhered to. These STIG guidelines are designed to outline the security vulnerabilities that DoD networks are required to address. The guidelines are numerous, so we’ve listed a few of the most common infractions you may be unknowingly committing, along with the corresponding STIG vulnerability category (CAT I-IV).
While the severities of the categories vary, noncompliance with any of them means you are putting your network at severe risk. So if you struggle to answer, or can’t answer, any of the following questions, Force 3’s experts are prepared to help:
- Did you know your users must authenticate to the WLAN using DoD Common Access Cards? (CAT II infraction)
- Did you know that your WLAN must be able to authenticate both the user and the machine using certificates? (CAT II infraction)
- Do you know it is required to have a wIDS/wIPS solution providing monitoring at all times, on every RF channel? (CAT II infraction)
- Did you know that your endpoint devices cannot have simultaneous wired and wireless connections? (CAT II infraction)
- How do you know whether there are rogue devices on your WLAN and, if there are, how do you locate and quarantine them? (CAT II infraction)
What’s our process?
Force 3 takes a comprehensive, phased approach to your STIG compliance. Here’s how we go about it: