Back to Control Explorer



Control Acronym



Access Control

CMMC Level


800-171 Control #


CMMC Description

Identify and mitigate risk associated with unidentified wireless access points connected to the network.

CMMC Clarification

This practice can be implemented in a variety of ways. One approach would be to use a Wireless Intrusion Detection System (WIDS), a network device that monitors the radio spectrum for the presence of unauthorized access points. Other approaches are those used to detect and/or block any rogue network device. On the physical security side, unused RJ45 jacks in a facility can be turned off, however, this does not account for repurposing an authorized jack. A more robust solution is to identify authorized devices and create access controls limiting connections to those devices. Each device that is allowed to connect has a profile to include expected physical location that is maintained by the system administrators. This, in turn, facilitates the creation of a device white list which can be used with a port monitoring tool to control connections. Another approach would be the utilization of device detection software that the system administrator uses to establish a device baseline which is periodically compared to new scans using the same software to identify changes, specifically unauthorized additions when compared to the scan result of authorized connected devices. Example 1 You are a security engineer and the organization has implemented a WIDS. The WIDS detects signals from an unauthorized access point and sends an alert. You investigate and verify the unauthorized access point exists on the network. You work with the network team to block all traffic on the network (both into and out of the access point) until the device can be located and removed. Example 2 You are a network engineer at your organization. You have noticed that there is a new device on the network that has not been profiled. You use the information from your network diagrams and your tools to identify the office where the port terminates. Using this information, you look in your database and learn that it is normally a printer that plugs into that port. Your network tools do not show the printer on the network. You disable the network port and visit the office. When you arrive, you find that a network printer has been unplugged and an unapproved access point has been plugged into it’s port. The employee in the office says that they needed better wireless access in the office so they brought in the access point from home and plugged it in. You explain that this is against company policy, unplug their access point, and plug the printer back into the port. Returning to your desk, Cybersecurity

800-171 Description

800-171 Discussion


Other Source Discussion

CMMC Unidentified and unauthorized wireless access points can be connected to a network by authorized users trying to extend the network or by malicious users. They may allow unauthorized users direct access to an organization’s network. In either case they represent a cybersecurity vulnerability. Organizations must mitigate this vulnerability.

CIS Control References

CIS Controls v7.1 15.3

NIST 800-53 Control Ref.

NIST SP 800-53 Rev 4 SI-4(14)

CMMC Derived


NIST CSF Control References

NIST 800-171 References

Applicable FAR Clause

NIST CSF Control Reference

NIST CSF v1.1 PR.DS-5, DE.AE-1, DE.CM-7

CERT RMM Reference

Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSCCyber Reference

AS ACSC Reference


Assessment Sub-Criteria 1

Assessment Sub-Criteria 2

Assessment Sub-Criteria 3

Assessment Sub-Criteria 4

Assessment Sub-Criteria 5

Assessment Sub-Criteria 6

Assessment Sub-Criteria 7

Assessment Sub-Criteria 8

Assessment Sub-Criteria 9

Assessment Sub-Criteria 10

Assessment Sub-Criteria 11

Assessment Sub-Criteria 12

Assessment Sub-Criteria 13

Assessment Sub-Criteria 14

Assessment Sub-Criteria 15