AC.L2-3.1.16 Wireless Access Authorization

Authorize wireless access prior to allowing such connections.

Source: NIST SP 800-171 Rev 2 3.1.16

Discussion: Establishing usage restrictions and configuration/connection requirements for wireless access to the system provides criteria for organizations to support wireless access authorization decisions. Such restrictions and requirements reduce the susceptibility to unauthorized access to the system through wireless technologies. Wireless networks use authentication protocols which provide credential protection and mutual authentication. [SP 800-97] provides guidance on secure wireless networks.

Assessment Objectives:

Determine if:

• [a] wireless access points are identified; and
• [b] wireless access is authorized prior to allowing such connections.

Examine: [SELECT FROM: Access control policy; configuration management plan; procedures addressing wireless access implementation and usage (including restrictions); security plan; system design documentation; system configuration settings and associated documentation; wireless access authorizations; system audit logs and records; other relevant documents or records].

Interview: [SELECT FROM: Personnel with responsibilities for managing wireless access connections; personnel with information security responsibilities].

Test: [SELECT FROM: Wireless access management capability for the system].

SPRS Score: 5

POA&M Allowed: No