Level 5 CMMC - CMMC Practices


Reference: CMMC 1.02

Family: AC

Level Introduced: 3

Protect wireless access using authentication and encryption.

CMMC Clarification:
Use a combination of authentication and encryption methods to protect the access to wireless networks. Authenticating users to a Wireless Access Point can be done in numerous ways. One approach uses shared key authentication based on a Pre-Shared Key. Another possibility uses Network Extensible Authentication Protocol (EAP) based on an authentication server (such as a Remote Authentication Dial-In User Service (RADIUS) server) and a mechanism to enforce port-based network access control. Open authentication should not be used because it authenticates any user, and at best, logs the MAC address, which is easily spoofed.

You are responsible for protecting the data in your organization by configuring the Wireless Access Point to enforce authentication. Before users gain access to your network, they must authenticate by demonstrating possession of a pre-shared key (typically used in smaller companies) before crypto keys can be installed; or by passing credentials to a RADIUS server (typically used in larger organizations) before the access port is opened.


Protect wireless access using authentication and encryption.

Organizations authenticate individuals and devices to help protect wireless access to the system. Special attention is given to the wide variety of devices that are part of the Internet of Things with potential wireless access to organizational systems. See [NIST CRYPTO].

Source: NIST Special Publication 800-171 Rev. 2

AC-18 (1)


The information system protects wireless access to the system using authentication of [Selection (one or more): users; devices] and encryption.

Supplemental Guidance:
Related controls: SC-8, SC-13.

Source: NIST Special Publication 800-53 Rev. 4

Source: CMMC v1.02