Reference: CMMC 2.11
Family: AC
Level Introduced: 2
Title: Wireless Access Protection
Practice:
Protect wireless access using authentication and encryption.
CMMC Clarification:
Use a combination of authentication and encryption methods to protect the access to wireless networks. Authenticating users to a Wireless Access Point can be done in numerous ways. One approach uses shared key authentication based on a Pre-Shared Key. Another possibility uses Network Extensible Authentication Protocol (EAP) based on an authentication server (such as a Remote Authentication Dial-In User Service (RADIUS) server) and a mechanism to enforce port-based network access control. Open authentication should not be used because it authenticates any user, and at best, logs the MAC address, which is easily spoofed.
Example
You are responsible for protecting the data in your organization by configuring the Wireless Access Point to enforce authentication. Before users gain access to your network, they must authenticate by demonstrating possession of a pre-shared key (typically used in smaller companies) before crypto keys can be installed; or by passing credentials to a RADIUS server (typically used in larger organizations) before the access port is opened.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.