AC-18 Wireless Access Restrictions
Control: The organization: (i) establishes usage restrictions and implementation guidance for wireless technologies; and (ii) authorizes, monitors, controls wireless access to the information system.
Supplemental Guidance: NIST Special Publications 800-48 and 800-97 provide guidance on wireless network security. NIST Special Publication 800-94 provides guidance on wireless intrusion detection and prevention.
Control Enhancements:
(1) The organization uses authentication and encryption to protect wireless access to the information system.
(2) The organization scans for unauthorized wireless access points [Assignment: organization-defined frequency] and takes appropriate action if such an access points are discovered.
Enhancement Supplemental Guidance: Organizations conduct a thorough scan for unauthorized wireless access points in facilities containing high-impact information systems. The scan is not limited to only those areas within the facility containing the high-impact information systems.
Baseline: LOW AC-18 MOD AC-18 (1) HIGH AC-18 (1) (2)
Family: Access Control
Class: Technical
ISO 17799 mapping: 11.4.2, 11.7.1, 11.7.2
COBIT 4.1 mapping: None.
PCI-DSS v2 mapping: 2.1.1