The U.S. Department of Defense is putting the final touches on a policy memo that will mandate use of the IEEE 802.11i security standard for unclassified wireless networks.
The mandate could spark a proliferation of wireless LAN (WLAN) deployments throughout the federal marketplace, as civilian agencies take their cue from the Defense Department. And it will be a key element in the department's Global Information Grid, an unfolding set of inter-related, IP-based networks.
The new policy should encourage wireless vendors to incorporate 802.11i into more products. Those products still have to be certified as meeting the Federal Information Processing Standards (FIPS) 140-2 specification.
"We already have two vendors that have completed FIPS 140-2 that are also WPA2 certified" by the Wi-Fi Alliance, says Stan Burlingame, commercial wireless program analyst with the Communications and Programs Policy Directorate at the Defense Department, who's overseeing the policy draft. "There are also two additional vendors going through validation through [the National Institute of Standards and Technology]. We expect four vendors to complete FIPS 140-2 and Wi-Fi certification in the next few months."
"The government [now] believes that 11i is good enough for federal adoption," says Merwyn Andrade, CTO for Aruba Wireless Networks. "This [policy] will result in huge cost savings for wireless services and harmonize standard security across all WLAN deployments."
Aruba plans to announce this week that the 802.11i implementation in two of its WLAN controllers has been granted FIPS 140-2 certification.
The new policy memo is due to be completed within the next few weeks, Burlingame says.
The security document will require unclassified Defense Department WLANs to use products that implement the encryption and authentication mechanisms in the 802.11i standard. The Wi-Fi Alliance certifies 802.11i products under its Wi-Fi Protected Access 2 (WPA2) Enterprise program, and Burlingame says the new policy will call for WPA2 certification.
By mandating a commercial security standard, the Defense Department hopes to ensure that affordable WLAN equipment is widely available and interoperable in enterprise-class wireless networks, Burlingame says. An 802.11i network will require code on client devices, the access points they connect to, possibly a WLAN switch, and an authentication server, such as RADIUS. Such an end-to-end solution doesn't exist in the federal market today.