AC.L2-3.1.17 Wireless Access Protection

Protect wireless access using authentication and encryption.

Source: NIST SP 800-171 Rev 2 3.1.17

Discussion: Organizations authenticate individuals and devices to help protect wireless access to the system. Special attention is given to the wide variety of devices that are part of the Internet of Things with potential wireless access to organizational systems. See [NIST CRYPTO].

Assessment Objectives:

Determine if:

• [a] wireless access to the system is protected using authentication; and
• [b] wireless access to the system is protected using encryption.

Examine: [SELECT FROM: Access control policy; system design documentation; procedures addressing wireless implementation and usage (including restrictions); security plan; system configuration settings and associated documentation; system audit logs and records; other relevant documents or records].

Interview: [SELECT FROM: System or network administrators; personnel with information security responsibilities; system developers].

Test: [SELECT FROM: Mechanisms implementing wireless access protections to the system].

SPRS Score: 5

POA&M Allowed: No