
AC.5.024

Content

Control Acronym

AC

Family

Access Control

CMMC Level

5

800-171 Control #

N/A

CMMC Description

Identify and mitigate risk associated with unidentified wireless access points connected to the network.

CMMC Clarification

This practice can be implemented in a variety of ways. One approach would be to use a Wireless Intrusion Detection System (WIDS), a network device that monitors the radio spectrum for the presence of unauthorized access points. Other approaches are those used to detect and/or block any rogue network device. On the physical security side, unused RJ45 jacks in a facility can be turned off; however, this does not account for repurposing an authorized jack.

A more robust solution is to identify authorized devices and create access controls limiting connections to those devices. Each device that is allowed to connect has a profile, maintained by the system administrators, that includes its expected physical location. This, in turn, facilitates the creation of a device white list which can be used with a port monitoring tool to control connections. Another approach is to use device detection software: the system administrator establishes a device baseline, then periodically compares it to new scans made with the same software to identify changes, specifically unauthorized additions relative to the scan result of authorized connected devices.

Example 1

You are a security engineer and the organization has implemented a WIDS. The WIDS detects signals from an unauthorized access point and sends an alert. You investigate and verify the unauthorized access point exists on the network. You work with the network team to block all traffic on the network (both into and out of the access point) until the device can be located and removed.

Example 2

You are a network engineer at your organization. You have noticed that there is a new device on the network that has not been profiled. You use the information from your network diagrams and your tools to identify the office where the port terminates. Using this information, you look in your database and learn that it is normally a printer that plugs into that port. Your network tools do not show the printer on the network. You disable the network port and visit the office. When you arrive, you find that a network printer has been unplugged and an unapproved access point has been plugged into its port. The employee in the office says that they needed better wireless access in the office so they brought in the access point from home and plugged it in. You explain that this is against company policy, unplug their access point, and plug the printer back into the port. Returning to your desk, Cybersecurity

800-171 Description

800-171 Discussion

N/A

Other Source Discussion

CMMC Unidentified and unauthorized wireless access points can be connected to a network by authorized users trying to extend the network or by malicious users. They may allow unauthorized users direct access to an organization’s network. In either case they represent a cybersecurity vulnerability. Organizations must mitigate this vulnerability.
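The baseline comparison described in the CMMC Clarification, sketched as an added example that is not part of the CMMC text: it checks a new scan against device profiles and flags unknown devices, profiled devices on the wrong port, and the repurposed-jack case from Example 2. The profile fields, switch-port labels, finding names and MAC addresses are constructed assumptions, with the switch port standing in for the expected physical location.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    mac: str
    kind: str
    port: str  # expected switch port (stands in for physical location)

def normalize(mac):
    """Canonical lower-case, colon-separated MAC so formats compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def compare_scan(baseline, scan):
    """Compare a scan [(mac, port), ...] to the baseline profiles; return findings."""
    by_mac = {normalize(p.mac): p for p in baseline}
    by_port = {p.port: p for p in baseline}
    seen = {normalize(mac): port for mac, port in scan}
    findings = []
    for mac, port in sorted(seen.items()):
        profile = by_mac.get(mac)
        if profile is None:
            expected = by_port.get(port)
            # Unknown device on a jack whose profiled device is absent:
            # the authorized jack was repurposed.
            if expected and normalize(expected.mac) not in seen:
                findings.append(("repurposed_port", mac, port, expected.kind))
            else:
                findings.append(("unauthorized", mac, port, None))
        elif profile.port != port:
            findings.append(("moved", mac, port, profile.port))
    for mac, profile in sorted(by_mac.items()):
        if mac not in seen:
            findings.append(("missing", mac, profile.port, profile.kind))
    return findings

# Constructed sample data (not from the page).
BASELINE = [
    Profile("00:00:5E:00:53:01", "printer", "sw1/12"),
    Profile("00:00:5E:00:53:02", "workstation", "sw1/13"),
    Profile("00:00:5E:00:53:03", "workstation", "sw2/04"),
]
SCAN = [
    ("00-00-5e-00-53-aa", "sw1/12"),   # unknown device on the printer's port
    ("0000.5e00.5302", "sw1/13"),      # profiled workstation, expected port
    ("00:00:5e:00:53:03", "sw2/09"),   # profiled workstation, wrong port
]
```

Calling `compare_scan(BASELINE, SCAN)` returns one tuple per finding; a scan that matches every profile returns an empty list.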

CIS Control References

CIS Controls v7.1 15.3

NIST 800-53 Control Ref.

NIST SP 800-53 Rev 4 SI-4(14)

CMMC Derived

CMMC

NIST CSF Control References

NIST 800-171 References

Applicable FAR Clause

NIST CSF Control Reference

NIST CSF v1.1 PR.DS-5, DE.AE-1, DE.CM-7

CERT RMM Reference

Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSCCyber Reference

AS ACSC Reference
