AC-18 Wireless Access Restrictions
Control: The organization: (i) establishes usage restrictions and implementation guidance for wireless technologies; and (ii) authorizes, monitors, and controls wireless access to the information system.
Supplemental Guidance: NIST Special Publications 800-48 and 800-97 provide guidance on wireless network security. NIST Special Publication 800-94 provides guidance on wireless intrusion detection and prevention.
(1) The organization uses authentication and encryption to protect wireless access to the information system.
(2) The organization scans for unauthorized wireless access points [Assignment: organization-defined frequency] and takes appropriate action if such access points are discovered.
Enhancement Supplemental Guidance: Organizations conduct a thorough scan for unauthorized wireless access points in facilities containing high-impact information systems. The scan is not limited to only those areas within the facility containing the high-impact information systems.
Baseline: LOW: AC-18; MOD: AC-18 (1); HIGH: AC-18 (1) (2)
Family: Access Control
ISO 17799 mapping: 11.4.2, 11.7.1, 11.7.2
COBIT 4.1 mapping: None.
PCI-DSS v2 mapping: 2.1.1