3.1.16—Access Control - Derived
Derived Requirement
Control Description
Authorize wireless access prior to allowing such connections.
Discussion
Establishing usage restrictions and configuration/connection requirements for wireless access to the system provides criteria for organizations to support wireless access authorization decisions. Such restrictions and requirements reduce the susceptibility to unauthorized access to the system through wireless technologies. Wireless networks use authentication protocols which provide credential protection and mutual authentication. [SP 800-97] provides guidance on secure wireless networks.
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What policies govern authorization of wireless access?
- What approval process exists for wireless network access?
- How do you manage and review wireless access authorizations?
- Who approves wireless access for employees, contractors, guests?
- What procedures address unauthorized wireless devices?
Technical Implementation:
- What wireless authentication mechanisms are implemented (802.1X, WPA3)?
- How do you enforce wireless access control lists?
- What controls prevent unauthorized wireless access points (rogue APs)?
- How is wireless network traffic encrypted?
- What wireless intrusion detection systems are deployed?
Evidence & Documentation:
- Can you provide wireless access authorization lists?
- What logs track wireless authentication and access events?
- Can you show wireless controller configurations?
- What evidence demonstrates rogue AP detection and prevention?
- What audit reports verify wireless access control compliance?