DISA HPE Aruba Networking AOS Wireless STIG v1r2

Audit Details

Name: DISA HPE Aruba Networking AOS Wireless STIG v1r2

Updated: 7/6/2026

Authority: DISA STIG

Plugin: ArubaOS

Revision: 1.0

Estimated Item Count: 14

File Details

Filename: DISA_STIG_HPE_Aruba_Networking_AOS_Wireless_v1r2.audit

Size: 40.7 kB

MD5: 539c1a255f70681108e37e28848a6c4e
SHA256: b047cff31682c32ff928ed11e0cc62a7053c6f35901d009c9790a9d5e68d0ea3

Audit Items

DescriptionCategories
ARBA-NT-000100 - AOS must use Transport Layer Security (TLS) 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.

ACCESS CONTROL

ARBA-NT-000120 - AOS must protect wireless access to the network using authentication of users and/or devices.

ACCESS CONTROL

ARBA-NT-000130 - The network element must protect wireless access to the system using Federal Information Processing Standard (FIPS)-validated Advanced Encryption Standard (AES) block cipher algorithms with an approved confidentiality mode.

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

ARBA-NT-000300 - AOS must be configured to disable nonessential capabilities.

CONFIGURATION MANAGEMENT

ARBA-NT-000440 - AOS must manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks.

SYSTEM AND COMMUNICATIONS PROTECTION

ARBA-NT-000800 - AOS must require devices to reauthenticate when organization-defined circumstances or situations requiring reauthentication.

IDENTIFICATION AND AUTHENTICATION

ARBA-NT-000850 - The network element must authenticate all network-connected endpoint devices before establishing any connection.

IDENTIFICATION AND AUTHENTICATION

ARBA-NT-000920 - AOS must use cryptographic algorithms approved by the National Security Agency (NSA) to protect national security systems (NSS) when transporting classified traffic across an unclassified network.

SYSTEM AND COMMUNICATIONS PROTECTION

ARBA-NT-000970 - AOS, in conjunction with a remote device, must prevent the device from simultaneously establishing nonremote connections with the system and communicating via some other connection to resources in external networks.

SYSTEM AND COMMUNICATIONS PROTECTION

ARBA-NT-001590 - When AOS is used as a wireless local area network (WLAN) controller, WLAN Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) implementation must use certificate-based public key infrastructure (PKI) authentication to connect to DOD networks.

ACCESS CONTROL

ARBA-NT-001600 - The site must conduct continuous wireless Intrusion Detection System (IDS) scanning.

SYSTEM AND INFORMATION INTEGRITY

ARBA-NT-001610 - AOS, when configured as a WLAN bridge, must not be configured to have any feature enabled that calls home to the vendor.

SYSTEM AND COMMUNICATIONS PROTECTION

ARBA-NT-001650 - AOS, when used as a WLAN bridge or controller, must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.

SYSTEM AND COMMUNICATIONS PROTECTION

ARBA-NT-001660 - AOS wireless local area network (WLAN) service set identifiers (SSIDs) must be changed from the manufacturer's default to a pseudo random word that does not identify the unit, base, organization, etc.

CONFIGURATION MANAGEMENT