NIST 800-171 - Wireless Access Encryption (3.1.17)

Overview:
Protect wireless access using authentication and encryption.

Action Items:
3.1.17[a]
Determine if: wireless access to the system is protected using authentication.

3.1.17[b]
Determine if: wireless access to the system is protected using encryption.

POTENTIAL ASSESSMENT METHODS AND OBJECTS

1
Examine: Access control policy; system design documentation; procedures addressing wireless implementation and usage (including restrictions); system security plan; system configuration settings and associated documentation; system audit logs and records; other relevant documents or records].

2
Interview: System or network administrators; personnel with information security responsibilities; system developers].

3
Test: Mechanisms implementing wireless access protections to the system].

Related Documents (document name and content will vary by organization):
1) Access control policy
2) system design documentation
3) procedures addressing wireless implementation and usage (including restrictions)
4) system security plan
5) system configuration settings and associated documentation
6) system audit logs and records
7) other relevant documents or records

Additional Guidance:
Organizations can authenticate individuals and devices to help protect wireless access to the system. Special attention should be given to the wide variety of devices that are part of the Internet of Things with potential wireless access to organizational systems. See NIST Cryptographic Standards.