Reference: CMMC 2.0
Level Introduced: 2
Title: Wireless Access Protection
Protect wireless access using authentication and encryption.
Use a combination of authentication and encryption methods to protect the access to wireless networks. Authenticating users to a Wireless Access Point can be done in numerous ways. One approach uses shared key authentication based on a Pre-Shared Key. Another possibility uses Network Extensible Authentication Protocol (EAP) based on an authentication server (such as a Remote Authentication Dial-In User Service (RADIUS) server) and a mechanism to enforce port-based network access control. Open authentication should not be used because it authenticates any user, and at best, logs the MAC address, which is easily spoofed.
You are responsible for protecting the data in your organization by configuring the Wireless Access Point to enforce authentication. Before users gain access to your network, they must authenticate by demonstrating possession of a pre-shared key (typically used in smaller companies) before crypto keys can be installed; or by passing credentials to a RADIUS server (typically used in larger organizations) before the access port is opened.