CMMC Practice AC.L2-3.1.16 – Wireless Access Authorization: Authorize wireless access prior to allowing such connections.
- This webpage provides the reader a basic understanding of the various wireless encryption types.
- This article provides an overview of how to test wireless security for an enterprise, providing an understanding of wireless and the risks and vulnerabilities involved with its use.
- The intended purpose of this document is to provide guidelines for proper planning, preparation, and identification of the key items to check through the analysis of a survey report.
- This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2.
- Follow these 10 steps today to make your network and business information safer.
- This infosheet gives National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) users the best practices for securing devices when conducting business in public settings.
- This webpage provides the reader a basic understanding of 802.1x authentication for wireless networks.
- This NIST Special Publication provides organizations with recommendations for improving the security configuration and monitoring of their IEEE 802.11 wireless local area networks.
- This NIST Special Publication covers IEEE 802.11i-based wireless LANs only.
- This sample policy from Rutgers is an example of how an organization can define the requirements associated with access to, and usage of, wireless networks.
- This policy from SANS provides an example of the conditions that wireless infrastructure devices must satisfy to connect to a company network.
- This is a sample wireless communication standard for enterprise customization and implementation.
- This SANS whitepaper discusses how to deploy secure Enterprise wireless networks.
- This SANS whitepaper is a step-by-step guide for users to be able to secure their wireless networks at home.
- This example policy from UCSF describes their organized approach in deploying wireless technologies on the enterprise network.
- In this edition of the On Call Compliance Solutions Compliance Tip of the Week, we discuss establishing usage restrictions and configuration/connection requirements for wireless access to the system and how such restrictions and requirements reduce the susceptibility to unauthorized access to the system through wireless technologies.
- Let's talk about NIST 800-171 Control 3.1.16 -- Authorize wireless access prior to allowing such connections.
- This provides an outline to wireless security, including: Wireless Threats, Security Methods, Encryption, & Authentication.
Establishing usage restrictions and configuration/connection requirements for wireless access to the system provides criteria for organizations to support wireless access authorization decisions. Such restrictions and requirements reduce the susceptibility to unauthorized access to the system through wireless technologies. Wireless networks use authentication protocols that provide credential protection and mutual authentication.
Further Discussion
Guidelines from management form the basis for the requirements that must be met prior to authorizing a wireless connection. These guidelines may include the following:
- types of devices, such as corporate or privately owned equipment;
- configuration requirements of the devices; and
- authorization requirements before granting such connections.
AC.L2-3.1.16, AC.L2-3.1.17, and AC.L2-3.1.18 are complementary practices in that they all establish requirements to control the connection of mobile devices and wireless devices through the use of authentication, authorization, and encryption mechanisms.