CMMC AC.2.011 - Authorize Wireless Access

Requirement text: AC.2.011: Authorize wireless access prior to allowing such connections.

DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2
Establishing usage restrictions and configuration/connection requirements for wireless
access to the system provides criteria for organizations to support wireless access
authorization decisions. Such restrictions and requirements reduce the susceptibility to
unauthorized access to the system through wireless technologies. Wireless networks use
authentication protocols which provide credential protection and mutual authentication.

CMMC CLARIFICATION
You should base the use of wireless technologies on approved guidelines from management.
These guidelines may include the following:
• types of devices, such as corporate or privately-owned equipment;
• configuration requirements of the devices; and
• authorization requirements before granting such connections.

Example
Your company is implementing a wireless network at their headquarters. You work with
management to draft policies about the use of the wireless network. You allow only
company-approved devices that contain verified security configuration settings. Also, you
write usage restrictions to follow for anyone who wants to use the wireless network.

REFERENCES
• NIST SP 800-171 Rev 1 3.1.16
• CIS Controls v7.1 15.1, 15.10
• NIST CSF v1.1 PR.PT-4
• CERT RMM v1.2 TM:SG2.SP2
• NIST SP 800-53 Rev 4 AC-18