Title

The organization must establish usage restrictions for wireless access. (Cat II impact)

Discussion

Wireless security has additional vulnerability because of transmission over an open medium accessible by all, yielding a broader threat profile. Without a methodology for the deployment and usage of wireless devices and access, security of the infrastructure and data cannot be assured. Wireless technologies include, but are not limited to, microwave, satellite, packet radio (UHF/VHF), Wi-Fi, and Bluetooth. Wireless networks present similar security risks to those of a wired network, and since the open airwaves are the communications medium for wireless technology, an entirely new set of risks are introduced. Implementing wireless computing and networking capabilities in accordance with the organization defined wireless policy, and allowing only authorized and qualified personnel to configure wireless services, greatly reduces vulnerabilities.

Check Content

Review the organization's access control policy, security procedures addressing wireless usage restrictions, and other relevant documents. The objective is to ensure the organization has defined usage restrictions for all wireless access. If the organization has not established usage restrictions, this is a finding.

Fix Text

Establish a usage restrictions policy for wireless access within the organization's boundaries/enclave/area of responsibility.

Additional Identifiers

Rule ID:

Vulnerability ID: V-35924

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.