CMMC Practice AC.5.024: Identify and mitigate risk associated with unidentified wireless access points connected to the network.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
This practice can be implemented in a variety of ways. One approach is to use a Wireless Intrusion Detection System (WIDS), a network device that monitors the radio spectrum for the presence of unauthorized access points. Other approaches are those used to detect and/or block any rogue network device. On the physical security side, unused RJ45 jacks in a facility can be turned off; however, this does not account for repurposing an authorized jack. A more robust solution is to identify authorized devices and create access controls limiting connections to those devices. Each device that is allowed to connect has a profile, maintained by the system administrators, that includes its expected physical location. This, in turn, facilitates the creation of a device white list, which can be used with a port monitoring tool to control connections. Another approach is to use device detection software: the system administrator establishes a device baseline and periodically compares it to new scans made with the same software to identify changes, specifically unauthorized additions relative to the scan result of authorized connected devices.
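The baseline comparison described above, sketched as an added example (not part of the CMMC text). It assumes the baseline and the scan are exported as CSV with the hypothetical columns shown; all MAC addresses, port names and locations are constructed sample data.

```python
# Added example: compare an authorized-device baseline with a new scan.
# Column names, MACs, switch ports and locations are constructed assumptions.
import csv
import io

BASELINE_CSV = """mac,device,switch_port,location
00:11:22:33:44:01,printer-2f,sw1/0/12,Room 210
00:11:22:33:44:02,ap-lobby,sw1/0/03,Lobby
00:11:22:33:44:03,ws-finance-7,sw2/0/08,Room 115
"""

SCAN_CSV = """mac,switch_port
00:11:22:33:44:01,sw1/0/12
00-11-22-33-44-02,sw1/0/03
00:11:22:33:44:03,sw2/0/19
02:AA:BB:CC:DD:10,sw2/0/08
"""

def norm_mac(mac):
    """Normalize MAC notation so 00-11-.., 0011.22.. and 00:11:.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def load(text):
    """Parse a CSV export into a dict keyed by normalized MAC."""
    return {norm_mac(r["mac"]): r for r in csv.DictReader(io.StringIO(text))}

def compare(baseline, scan):
    """Return (finding, mac, port) tuples for every deviation from the baseline."""
    findings = []
    for mac, seen in sorted(scan.items()):
        known = baseline.get(mac)
        if known is None:
            # Not on the white list, even if plugged into an authorized jack.
            findings.append(("UNAUTHORIZED", mac, seen["switch_port"]))
        elif known["switch_port"] != seen["switch_port"]:
            # Authorized device, but not at its profiled location.
            findings.append(("MOVED", mac, seen["switch_port"]))
    for mac in sorted(set(baseline) - set(scan)):
        findings.append(("MISSING", mac, baseline[mac]["switch_port"]))
    return findings

def run_sample():
    return compare(load(BASELINE_CSV), load(SCAN_CSV))

if __name__ == "__main__":
    for kind, mac, port in run_sample():
        print(f"{kind:12} {mac} on {port}")
```

In the sample, the unknown device appears on the jack profiled for `ws-finance-7`, which is the repurposed-jack case that disabling unused ports alone does not catch. MAC addresses can be cloned, so the port and location check carries more weight than a MAC match by itself.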