AC-18 WIRELESS ACCESS
Control:
- a. Establish configuration requirements, connection requirements, and implementation guidance for each type of wireless access; and
- b. Authorize each type of wireless access to the system prior to allowing such connections.
Discussion: Wireless technologies include microwave, packet radio (ultra-high frequency or very high frequency), 802.11x, and Bluetooth. Wireless networks use authentication protocols that provide authenticator protection and mutual authentication.
Related Controls: AC-2, AC-3, AC-17, AC-19, CA-9, CM-7, IA-2, IA-3, IA-8, PL-4, SC-40, SC-43, SI-4.
Control Enhancements:
- (1) WIRELESS ACCESS / AUTHENTICATION AND ENCRYPTION
Protect wireless access to the system using authentication of [Selection (one or more): users; devices] and encryption.
Discussion: Wireless networking capabilities represent a significant potential vulnerability that can be exploited by adversaries. To protect systems with wireless access points, strong authentication of users and devices along with strong encryption can reduce susceptibility to threats by adversaries involving wireless technologies.
Related Controls: SC-8, SC-12, SC-13.
- (2) WIRELESS ACCESS / MONITORING UNAUTHORIZED CONNECTIONS
[Withdrawn: Incorporated into SI-4.]
- (3) WIRELESS ACCESS / DISABLE WIRELESS NETWORKING
Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment.
Discussion: Wireless networking capabilities that are embedded within system components represent a significant potential vulnerability that can be exploited by adversaries. Disabling wireless capabilities when not needed for essential organizational missions or functions can reduce susceptibility to threats by adversaries involving wireless technologies.
Related Controls: None.
- (4) WIRELESS ACCESS / RESTRICT CONFIGURATIONS BY USERS
Identify and explicitly authorize users allowed to independently configure wireless networking capabilities.
Discussion: Organizational authorizations to allow selected users to configure wireless networking capabilities are enforced, in part, by the access enforcement mechanisms employed within organizational systems.
Related Controls: SC-7, SC-15.
- (5) WIRELESS ACCESS / ANTENNAS AND TRANSMISSION POWER LEVELS
Select radio antennas and calibrate transmission power levels to reduce the probability that signals from wireless access points can be received outside of organization-controlled boundaries.
Discussion: Actions that may be taken to limit unauthorized use of wireless communications outside of organization-controlled boundaries include reducing the power of wireless transmissions so that the transmissions are less likely to emit a signal that can be captured outside of the physical perimeters of the organization, employing measures such as emissions security to control wireless emanations, and using directional or beamforming antennas that reduce the likelihood that unintended receivers will be able to intercept signals. Prior to taking such mitigating actions, organizations can conduct periodic wireless surveys to understand the radio frequency profile of organizational systems as well as other systems that may be operating in the area.
Related Controls: PE-19.
References: [SP 800-94], [SP 800-97].