CMMC Practice AC.3.012

Protect wireless access using authentication and encryption.


CMMC Version 1.02, pg. 70

Bold Coast Security Guidance

You can secure access to your wireless network using any of the methods described above, but you must do it. Wireless networks were authorized in AC.2.011, which sets the stage for authentication described here. The mention of the Internet of Things (IoT) opens the door to creating separate networks and authentication methods for different classes of devices. If you choose a pre-shared key method, remember you should change that password on a regular basis as you likely have employees coming and going who may know or have access to that key. The more devices you have, the more disruptive that can be! If you use Radius authentication, or some other user-based method, be sure to schedule regular reviews of those users/groups.

Discussion From Source

DRAFT NIST SP 800-171 R2 Organizations authenticate individuals and devices to help protect wireless access to the system. Special attention is given to the wide variety of devices that are part of the Internet of Things with potential wireless access to organizational systems.