Security Control 7: Wireless Device Control
Protect restricted information from being transmitted over unencrypted wireless or through unauthorized access points: Encrypt wireless traffic. Ensure that all wireless access points are manageable using enterprise management tools. Configure scanning tools to detect wireless access points.
Key: REQ = Required, REC = Recommended, OPT = Optional
ID | Details | High | Med | Low |
---|---|---|---|---|
7.1 | Ensure that all wireless access points are manageable using enterprise management tools. Do not install access points without local network engineer and security input. Access points designed for home use often lack such enterprise management capabilities, and should therefore be avoided in enterprise environments. | REQ | REQ | REQ |
7.2 | Disable peer-to-peer wireless network capabilities on wireless clients, unless such functionality meets a documented business need. | REQ | REQ | OPT |
7.3 | Disable wireless peripheral access of devices (such as Bluetooth), unless such access is required for a documented business need. | REQ | REQ | OPT |
7.4 | For devices that do not have an essential wireless business purpose, disable wireless access in the hardware configuration, with password protections to lower the possibility that the user will override such configurations. | REQ | REC | OPT |
7.5 | Ensure that all wireless traffic uses at least Advanced Encryption Standard (AES) encryption with at least Wi-Fi Protected Access 2 (WPA2) protection. | REQ | REC | OPT |
7.6 | Network vulnerability scanning tools should be configured to detect wireless access points connected to the wired network. Identified devices should be reconciled against a list of authorized wireless access points. Unauthorized (i.e., rogue) access points should be deactivated. | REQ | OPT | OPT |
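
The reconciliation step in 7.6, combined with the encryption floor in 7.5, can be automated. The following is an added example, not part of the original standard: it assumes the authorized inventory and the scan results are available as CSV exports, and the column names, sample addresses and SSIDs are constructed for illustration.

```python
import csv
import io

# Constructed sample data; the column names are assumptions, adapt them to your tools' exports.
AUTHORIZED_CSV = """bssid,ssid,location
00:11:22:33:44:01,CORP-WLAN,Building A
00:11:22:33:44:02,CORP-WLAN,Building B
00:11:22:33:44:03,CORP-WLAN,Building C
"""
SCAN_CSV = """bssid,ssid,security,cipher
00:11:22:33:44:01,CORP-WLAN,WPA2,CCMP
00-11-22-33-44-02,CORP-WLAN,WPA,TKIP
66:77:88:99:AA:BB,CORP-WLAN,WPA2,CCMP
66:77:88:99:AA:CC,guest-net,OPEN,NONE
"""

# Control 7.5: at least WPA2 with an AES-based cipher (CCMP and GCMP are AES modes).
OK_SECURITY = {"WPA2", "WPA3"}
OK_CIPHERS = {"CCMP", "GCMP"}


def norm_mac(mac):
    """Normalize a MAC/BSSID so 00-11-.. and 00:11:.. compare equal."""
    return mac.strip().lower().replace("-", ":")


def load(text):
    """Parse CSV text into {normalized_bssid: row}."""
    return {norm_mac(r["bssid"]): r for r in csv.DictReader(io.StringIO(text))}


def reconcile(authorized, seen):
    """Return findings per control: rogue (7.6), weak_encryption (7.5), not_seen."""
    rogue, weak = [], []
    for bssid, ap in seen.items():
        if bssid not in authorized:
            rogue.append(bssid)  # 7.6: not on the authorized list
        elif (ap["security"].upper() not in OK_SECURITY
              or ap["cipher"].upper() not in OK_CIPHERS):
            weak.append(bssid)  # 7.5: authorized but below WPA2/AES
    not_seen = set(authorized) - set(seen)  # inventory entries the scan missed
    return {"rogue": sorted(rogue), "weak_encryption": sorted(weak),
            "not_seen": sorted(not_seen)}


if __name__ == "__main__":
    for kind, items in reconcile(load(AUTHORIZED_CSV), load(SCAN_CSV)).items():
        print(f"{kind}: {', '.join(items) or 'none'}")
```

Entries under `not_seen` are worth reviewing too, since an authorized access point missing from the scan can mean stale inventory or incomplete scan coverage.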