CMMC Practice AC.5.024
Identify and mitigate risk associated with unidentified wireless access points connected to the network.
Bold Coast Security Guidance
Monitoring for and identifying "rogue" access points has been a challenging problem for many organizations. Initial attempts to solve it involved using active denial-of-service attacks against detected, unauthorized devices. You can imagine the problems this may have caused in an urban area! More recently, wireless intrusion detection systems (WIDS) have been deployed to identify new wireless networks and alert staff to their presence. You may also use Network Access Control (NAC) at the switch level, so that only pre-approved devices can be connected to the network switch. A less robust way of meeting this control is to conduct regular, manual access point scans using a tool that can detect all wireless networks, hidden or broadcasting.
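As an added example (not part of the original guidance), a small triage script for the manual-scan approach described above: it compares a site-survey export against an inventory of authorized access points and flags unknown, hidden, and SSID-impersonating radios. The inventory, the scan lines, and the `bssid,ssid,channel,signal_dbm` export format are constructed placeholders, not output from any particular tool.

```python
# Added example: triage a wireless site-survey export against the authorized AP
# inventory. Inventory, scan lines and the 'bssid,ssid,channel,signal_dbm' export
# format are all constructed placeholders, not real data or a real tool's output.
from collections import namedtuple

# Hypothetical inventory: BSSID (lower-case) -> SSID that radio is allowed to serve.
AUTHORIZED_APS = {
    "00:11:22:33:44:01": "CorpWiFi",
    "00:11:22:33:44:02": "CorpWiFi",
    "00:11:22:33:44:03": "CorpGuest",
}
CORPORATE_SSIDS = set(AUTHORIZED_APS.values())

# Constructed scan export, one network per line; an empty SSID is a hidden network.
SCAN_EXPORT = """\
00:11:22:33:44:01,CorpWiFi,6,-41
00:11:22:33:44:03,CorpGuest,11,-55
00:11:22:33:44:02,SetupNet,6,-50
AA:BB:CC:DD:EE:01,CorpWiFi,6,-38
AA:BB:CC:DD:EE:02,,1,-47
AA:BB:CC:DD:EE:03,NeighborNet,36,-82
"""

Finding = namedtuple("Finding", "bssid ssid channel signal_dbm verdict likely_on_premises")

def classify(bssid: str, ssid: str) -> str:
    """Verdict for one observed network, based only on the inventory and the SSID."""
    expected = AUTHORIZED_APS.get(bssid.lower())
    if expected is not None:
        # Known radio: confirm it serves the SSID we expect (catches misconfiguration).
        return "authorized" if ssid == expected else "authorized-bssid-unexpected-ssid"
    if ssid in CORPORATE_SSIDS:
        # Our SSID from a radio we do not own: impersonation candidate, investigate first.
        return "impersonating-corporate-ssid"
    if ssid == "":
        # Hidden network: cannot be cleared by name, needs a physical walk-down.
        return "unknown-hidden"
    return "unknown"

def triage(export: str, threshold_dbm: int = -70) -> list:
    """Parse the export and return every network that is not fully authorized.
    A signal at or above threshold_dbm suggests the radio is inside the site."""
    findings = []
    for line in export.splitlines():
        if not line.strip():
            continue
        bssid, ssid, channel, signal = line.split(",")
        verdict = classify(bssid, ssid)
        if verdict != "authorized":
            findings.append(Finding(bssid.lower(), ssid, int(channel), int(signal),
                                    verdict, int(signal) >= threshold_dbm))
    return findings
```

Anything reported as likely on premises should be located and reconciled against the inventory; weak unknown networks are usually neighbours but still belong in the scan record.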
If a NAC or WIDS is implemented, you can measure its effectiveness by conducting the internal penetration test noted in control AC.4.023.
NAC, WIDS, and/or rogue access point scanning would need to be deployed across all company locations and departments.
Unidentified and unauthorized wireless access points can be connected to a network by authorized users trying to extend the network or by malicious users. They may allow unauthorized users direct access to an organization’s network. In either case they represent a cybersecurity vulnerability. Organizations must mitigate this vulnerability.