CMMC Practice AC.L2-3.1.16 – Wireless Access Authorization: Authorize wireless access prior to allowing such connections.
Links to Publicly Available Resources
Discussion [NIST SP 800-171 R2]
Establishing usage restrictions and configuration/connection requirements for wireless access to the system provides criteria for organizations to support wireless access authorization decisions. Such restrictions and requirements reduce the susceptibility to unauthorized access to the system through wireless technologies. Wireless networks use authentication protocols that provide credential protection and mutual authentication.
Guidelines from management form the basis for the requirements that must be met prior to authorizing a wireless connection. These guidelines may include the following:
- types of devices, such as corporate or privately owned equipment;
- configuration requirements of the devices; and
- authorization requirements before granting such connections.
AC.L2-3.1.16, AC.L2-3.1.17, and AC.L2-3.1.18 are complementary practices in that they all establish requirements to control the connection of mobile devices and wireless devices through the use of authentication, authorization, and encryption mechanisms.