NIST 800-171 - Wireless Access Authorization (3.1.16)

Overview:
Authorize wireless access prior to allowing such connections.

Action Items:
3.1.16[a]
Determine if: wireless access points are identified.

3.1.16[b]
Determine if: wireless access is authorized prior to allowing such connections.

POTENTIAL ASSESSMENT METHODS AND OBJECTS

1
Examine: Access control policy; configuration management plan; procedures addressing wireless access implementation and usage (including restrictions); system security plan; system design documentation; system configuration settings and associated documentation; wireless access authorizations; system audit logs and records; other relevant documents or records].

2
Interview: Personnel with responsibilities for managing wireless access connections; personnel with information security responsibilities].

3
Test: Wireless access management capability for the system].

Related Documents (document name and content will vary by organization):
1) Access control policy
2) configuration management plan
3) procedures addressing wireless access implementation and usage (including restrictions)
4) system security plan
5) system design documentation
6) system configuration settings and associated documentation
7) wireless access authorizations
8) system audit logs and records
9) other relevant documents or records

Additional Guidance:
Establishing usage restrictions and configuration/connection requirements for wireless access to the system provides criteria for organizations to support wireless access authorization decisions. Such restrictions and requirements reduce the susceptibility to unauthorized access to the system through wireless technologies. Wireless networks use authentication protocols which provide credential protection and mutual authentication. NIST Special Publications 800-48 and 800-97 provide guidance on secure wireless networks.