AC.2.011

Control Acronym

AC

Family

Access Control

CMMC Level

2

800-171 Control #

3.1.16

CMMC Description

Authorize wireless access prior to allowing such connections.

CMMC Clarification

You should base the use of wireless technologies on approved guidelines from management. These guidelines may include the following: * types of devices, such as corporate or privately-owned equipment * configuration requirements of the devices * authorization requirements before granting such connections. Example Your company is implementing a wireless network at their headquarters. You work with management to draft policies about the use of the wireless network. You allow only company-approved devices that contain verified security configuration settings. Also, you write usage restrictions to follow for anyone who wants to use the wireless network.

800-171 Description

Authorize wireless access prior to allowing such connections.

800-171 Discussion

Establishing usage restrictions and configuration/connection requirements for wireless access to the system provides criteria for organizations to support wireless access authorization decisions. Such restrictions and requirements reduce the susceptibility to unauthorized access to the system through wireless technologies. Wireless networks use authentication protocols which provide credential protection and mutual authentication.[SP 800-97] provide guidance on secure wireless networks.

Other Source Discussion

N/A

CIS Control References

CIS Controls v7.1 15.1, 15.10

NIST 800-53 Control Ref.

NIST SP 800-53 Rev 4 AC-18

CMMC Derived

NIST CSF Control References

NIST 800-171 References

NIST SP 800-171 Rev 1 3.1.16

Applicable FAR Clause

NIST CSF Control Reference

NIST CSF v1.1 PR.PT-4

CERT RMM Reference

CERT RMM v1.2 TM:SG2.SP2

Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSCCyber Reference

AS ACSC Reference

Assessment Sub-Criteria 1

AC.2.011.[a] wireless access points are identified; and

Assessment Sub-Criteria 2

AC.2.011.[b] wireless access is authorized prior to allowing such connections.

Assessment Sub-Criteria 3

Assessment Sub-Criteria 4

Assessment Sub-Criteria 5

Assessment Sub-Criteria 6

Assessment Sub-Criteria 7

Assessment Sub-Criteria 8

Assessment Sub-Criteria 9

Assessment Sub-Criteria 10

Assessment Sub-Criteria 11

Assessment Sub-Criteria 12

Assessment Sub-Criteria 13

Assessment Sub-Criteria 14

Assessment Sub-Criteria 15