AC-18 Wireless Access Restrictions

    Control: The organization: (i) establishes usage restrictions and implementation guidance for wireless technologies; and (ii) authorizes, monitors, and controls wireless access to the information system.

    Supplemental Guidance: NIST Special Publications 800-48 and 800-97 provide guidance on wireless network security. NIST Special Publication 800-94 provides guidance on wireless intrusion detection and prevention.

    Control Enhancements:

    (1) The organization uses authentication and encryption to protect wireless access to the information system.

    (2) The organization scans for unauthorized wireless access points [Assignment: organization-defined frequency] and takes appropriate action if such access points are discovered.

    Enhancement Supplemental Guidance: Organizations conduct a thorough scan for unauthorized wireless access points in facilities containing high-impact information systems. The scan is not limited to only those areas within the facility containing the high-impact information systems.

    Baseline: LOW AC-18; MOD AC-18 (1); HIGH AC-18 (1) (2)

    Family: Access Control

    Class: Technical

    ISO 17799 mapping: 11.4.2, 11.7.1, 11.7.2

    COBIT 4.1 mapping: None.

    PCI-DSS v2 mapping: 2.1.1