Level 2
Description:
Establishing usage restrictions and configuration/connection requirements for wireless access to the system provides criteria for organizations to support wireless access authorization decisions. Such restrictions and requirements reduce the susceptibility to unauthorized access to the system through wireless technologies. Wireless networks use authentication protocols which provide credential protection and mutual authentication. [SP 800-97] provides guidance on secure wireless networks.
Priority: High
Domain: ACCESS CONTROL (AC)
Services Associated with AWS:
- AWS Identity and Access Management (IAM), AWS Directory Service, AWS Network Firewall
- AWS Identity and Access Management (IAM), AWS Directory Service, AWS Secrets Manager
Services Associated with Azure:
- Azure Virtual Network (VNet)
- Azure Network Security Groups (NSGs)
- Azure Active Directory (Azure AD)
- Azure Firewall
- Azure Traffic Manager
- Azure VPN Gateway
- Azure ExpressRoute
- Azure Private Link
- Azure Bastion
- Azure Security Center
- Azure Monitor
- Azure Key Vault
Objective Evidence:
- Administrative: documented policies, standards & procedures
- Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations
- Technical: screenshot of wireless settings
Possible Technology Considerations:
- Secure Baseline Configurations (SBC)
What needs to be answered:
Is there a policy on wireless devices connecting to the network? Is wireless access to the system authorized, monitored, and managed?
Checks for AWS
- Authorize Wireless Access Prior to Connection
Description: This check ensures that wireless access to the system is authorized before allowing such connections. Establishing usage restrictions and configuration/connection requirements for wireless access helps reduce the susceptibility to unauthorized access through wireless technologies.
- Implement Secure Authentication Protocols for Wireless Networks
Description: This check confirms that secure authentication protocols are implemented for wireless networks, providing credential protection and mutual authentication to enhance the security of wireless access.
Checks for Azure
- Establish Policy for Wireless Device Connection in Azure:
Description: This check verifies that a policy is established for wireless devices connecting to the network in Azure. It ensures that there are defined criteria, restrictions, and configuration/connection requirements for wireless access, supporting authorization decisions and reducing the susceptibility to unauthorized access through wireless technologies.
- Authorize and Manage Wireless Access to the System in Azure:
Description: This check ensures that wireless access to the system in Azure is authorized, monitored, and managed. It validates that appropriate controls and practices are in place to authorize wireless access, continuously monitor wireless network activity, and effectively manage wireless connections to maintain the security of the system.
More Details: CUI is contained on cloud-based systems and not on the internal network.