


Control Acronym



Access Control

CMMC Level


800-171 Control #


CMMC Description

Protect wireless access using authentication and encryption.

CMMC Clarification

Use a combination of authentication and encryption methods to protect access to wireless networks. Users can be authenticated to a Wireless Access Point in numerous ways. One approach uses shared key authentication based on a Pre-Shared Key. Another possibility uses network authentication through the Extensible Authentication Protocol (EAP), based on an authentication server (such as a Remote Authentication Dial-In User Service (RADIUS) server) and a mechanism to enforce port-based network access control. Open authentication should not be used because it authenticates any user and, at best, logs the MAC address, which is easily spoofed.

Example

You are responsible for protecting the data in your organization by configuring the Wireless Access Point to enforce authentication. Before users gain access to your network, they must authenticate in one of two ways: by demonstrating possession of a pre-shared key (typically used in smaller companies) before crypto keys can be installed, or by passing credentials to a RADIUS server (typically used in larger organizations) before the access port is opened.
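One way to check an access point configuration against the two approaches described above, as an added example that is not part of the original control text: it reads hostapd-style `key=value` settings and reports whether authentication ([a]) and encryption ([b]) are in place. The choice of hostapd, the sample configurations, and the cipher policy (CCMP/GCMP accepted, TKIP rejected) are assumptions of this example.

```python
# Added example: audit hostapd-style settings against AC.3.012 [a] and [b].
# Cipher policy (CCMP/GCMP only, no TKIP) is an assumption of this example.
STRONG_CIPHERS = {"CCMP", "GCMP", "CCMP-256", "GCMP-256"}

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def assess(text):
    """Return (authentication_ok, encryption_ok, findings) for one AP config."""
    conf = parse_conf(text)
    findings = []
    wpa_on = conf.get("wpa", "0") in {"1", "2", "3"}
    key_mgmt = set(conf.get("wpa_key_mgmt", "").split())
    # Pre-shared key: the station proves possession before keys are installed.
    psk = "WPA-PSK" in key_mgmt and ("wpa_passphrase" in conf or "wpa_psk" in conf)
    # EAP: 802.1X port control plus a RADIUS server to check credentials.
    eap = ("WPA-EAP" in key_mgmt and conf.get("ieee8021x") == "1"
           and "auth_server_addr" in conf)
    if not wpa_on:
        findings.append("open authentication: any station can associate")
    elif "WPA-EAP" in key_mgmt and not eap:
        findings.append("WPA-EAP set without ieee8021x=1 and a RADIUS server")
    elif not (psk or eap):
        findings.append("no usable PSK or EAP key management configured")
    ciphers = set(conf.get("rsn_pairwise", conf.get("wpa_pairwise", "")).split())
    if wpa_on and not ciphers:
        findings.append("no pairwise cipher set explicitly")
    if "TKIP" in ciphers:
        findings.append("TKIP pairwise cipher enabled")
    auth_ok = wpa_on and (psk or eap)
    enc_ok = wpa_on and bool(ciphers & STRONG_CIPHERS) and "TKIP" not in ciphers
    return auth_ok, enc_ok, findings

# Constructed sample configurations (not taken from any real network).
OPEN_AP = "ssid=lobby\nauth_algs=1\n"
PSK_AP = ("ssid=office\nwpa=2\nwpa_key_mgmt=WPA-PSK\n"
          "wpa_passphrase=constructed-example-only\nrsn_pairwise=CCMP\n")
EAP_AP = ("ssid=corp\nwpa=2\nieee8021x=1\nwpa_key_mgmt=WPA-EAP\n"
          "auth_server_addr=192.0.2.10\nrsn_pairwise=CCMP\n")
HALF_EAP = "ssid=corp\nwpa=2\nwpa_key_mgmt=WPA-EAP\nrsn_pairwise=CCMP TKIP\n"

if __name__ == "__main__":
    for name in ("OPEN_AP", "PSK_AP", "EAP_AP", "HALF_EAP"):
        print(name, assess(globals()[name]))
```

The `HALF_EAP` sample shows the case an assessor should look for: EAP is named in the key management setting, but without port-based control and a RADIUS server behind it no credentials are actually checked.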

800-171 Description

Protect wireless access using authentication and encryption.

800-171 Discussion

Organizations authenticate individuals and devices to help protect wireless access to the system. Special attention is given to the wide variety of devices that are part of the Internet of Things with potential wireless access to organizational systems. See [NIST CRYPTO].

CIS Control References

CIS Controls v7.1 15.7, 15.8

NIST 800-53 Control Ref.

NIST SP 800-53 Rev 4 AC-18(1)

NIST 800-171 References

NIST SP 800-171 Rev 1 3.1.17

Assessment Sub-Criteria 1

AC.3.012.[a] wireless access to the system is protected using authentication; and

Assessment Sub-Criteria 2

AC.3.012.[b] wireless access to the system is protected using encryption.
