CMMC Practice AC.2.011

Authorize wireless access prior to allowing such connections.


CMMC Version 1.02, pg. 61

Bold Coast Security Guidance

You must authorize any wireless network prior to their implementation. The authorization must include the types of devices which may use the network and how it will be configured. The authorization may state that is only used by company owned assets, employees, or other authorized personnel (contractors, temps). You may decide to inform users that only company assets are permitted on the corporate wireless network, but they may use the guest network for personal devices.

Discussion From Source

DRAFT NIST SP 800-171 R2 Establishing usage restrictions and configuration/connection requirements for wireless access to the system provides criteria for organizations to support wireless access authorization decisions. Such restrictions and requirements reduce the susceptibility to unauthorized access to the system through wireless technologies. Wireless networks use authentication protocols which provide credential protection and mutual authentication.