AC.3.012 Protect wireless access using authentication and encryption.

CMMC Practice AC.3.012: Protect wireless access using authentication and encryption.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)

Use a combination of authentication and encryption methods to protect the access to wireless networks. Authenticating users to a Wireless Access Point can be done in numerous ways. One approach uses shared key authentication based on a Pre-Shared Key. Another possibility uses Network Extensible Authentication Protocol (EAP) based on an authentication server (such as a Remote Authentication Dial-In User Service (RADIUS) server) and a mechanism to enforce port-based network access control. Open authentication should not be used because it authenticates any user, and at best, logs the MAC address, which is easily spoofed.