Level 5 CMMC - CMMC Practices

AC.2.011  

Reference: CMMC 1.02

Family: AC

Level Introduced: 2

Practice:
Authorize wireless access prior to allowing such connections.

CMMC Clarification:
You should base the use of wireless technologies on approved guidelines from management. These guidelines may include the following:
• types of devices, such as corporate or privately-owned equipment;
• configuration requirements of the devices; and
• authorization requirements before granting such connections.

Example
Your company is implementing a wireless network at its headquarters. You work with management to draft policies about the use of the wireless network. You allow only company-approved devices that contain verified security configuration settings. Also, you write usage restrictions to follow for anyone who wants to use the wireless network.

3.1.16

Authorize wireless access prior to allowing such connections.

Discussion:
Establishing usage restrictions and configuration/connection requirements for wireless access to the system provides criteria for organizations to support wireless access authorization decisions. Such restrictions and requirements reduce the susceptibility to unauthorized access to the system through wireless technologies. Wireless networks use authentication protocols which provide credential protection and mutual authentication.

[SP 800-97] provides guidance on secure wireless networks.

Source: NIST Special Publication 800-171 Rev. 2

AC-18

WIRELESS ACCESS

Description:
The organization:
    a. Establishes usage restrictions, configuration/connection requirements, and implementation guidance for wireless access; and
    b. Authorizes wireless access to the information system prior to allowing such connections.

Supplemental Guidance:
Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication. Related controls: AC-2, AC-3, AC-17, AC-19, CA-3, CA-7, CM-8, IA-2, IA-3, IA-8, PL-4, SI-4.

Source: NIST Special Publication 800-53 Rev. 4

Source: CMMC v1.02