Description: 

Organizations authenticate individuals and devices to help protect wireless access to the system. Special attention is given to the wide variety of devices that are part of the Internet of Things with potential wireless access to organizational systems. See [NIST CRYPTO]. 


Priority: High 


Category: Network Security 


Services Associated with AWS: 

  • AWS Identity and Access Management (IAM), AWS Directory Service, AWS IoT Core
  • AWS Certificate Manager, AWS IoT Core, AWS Key Management Service (KMS)


Objective Evidence: 

  • Administrative: documented policies, standards & procedures 
  • Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations 
  • Technical: screenshot of wireless settings


Possible Technology Considerations: 

  • Secure Baseline Configurations (SBC)


What needs to be answered: 

Is wireless access restricted to authorized users and encrypted according to industry best practices? (FIPS 140) 

  • Implement Authentication for Wireless Access
    Description: This check ensures that authentication mechanisms are implemented to protect wireless access to the system. Organizations should authenticate both individuals and devices, especially considering the diverse range of devices in the Internet of Things (IoT) with potential wireless access to organizational systems.
  • Enable Encryption for Wireless Access
    Description: This check verifies that encryption is enabled for wireless access to provide confidentiality and integrity of data transmitted over wireless networks. Encryption helps protect sensitive information from unauthorized interception and tampering.


More details: CUI is contained on cloud-based systems and not on the internal network.