AlmaLinux OS 9 wireless network adapters must be disabled.

STIG ID: ALMA-09-043250  |  SRG: SRG-OS-000481-GPOS-00481 |  Severity: medium |  CCI: CCI-002418,CCI-001444,CCI-001443 |  Vulnerability Id: V-269441

Vulnerability Discussion

This requirement applies to wireless peripheral technologies (e.g., wireless mice, keyboards, displays, etc.) used with AlmaLinux OS 9 systems.

Wireless peripherals (e.g., Wi-Fi/Bluetooth/IR keyboards, mice and pointing devices, and near field communications [NFC]) present a unique challenge by creating an open, unsecured port on a computer.

Wireless peripherals must meet DOD requirements for wireless data transmission and be approved for use by the authorizing official (AO). Even though some wireless peripherals, such as mice and pointing devices, do not ordinarily carry information that need to be protected, modification of communications with these wireless peripherals may be used to compromise the AlmaLinux OS 9 operating system.

Satisfies: SRG-OS-000481-GPOS-00481, SRG-OS-000299-GPOS-00117, SRG-OS-000300-GPOS-00118

Check

Note: If the system does not have physical wireless network radios, this requirement is Not Applicable.

Verify there are no wireless interfaces configured on the system with the following commands:

$ nmcli radio all

WIFI-HW WIFI WWAN-HW WWAN
enabled enabled missing disabled

$ nmcli device status

DEVICE TYPE STATE CONNECTION
wlp2s0 wifi connected cafe
lo loopback connected (externally) lo
p2p-dev-wlp2s0 wifi-p2p disconnected --
enp3s0f2 ethernet unavailable --

If a wireless interface is configured and has not been documented and approved by the information system security officer (ISSO), this is a finding.

Fix

Configure the system to disable all wireless network interfaces with the following command:

$ nmcli radio all off
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.