Level 2


Description:

Organizations authenticate individuals and devices to help protect wireless access to the system. Special attention is given to the wide variety of devices that are part of the Internet of Things with potential wireless access to organizational systems. See [NIST CRYPTO].  


Priority: High 


Domain: ACCESS CONTROL (AC) 


Services Associated with AWS: 

  • AWS Identity and Access Management (IAM), AWS Directory Service, AWS IoT Core
  • AWS Certificate Manager (ACM), AWS Key Management Service (KMS)


Services Associated with Azure:

  • Azure Active Directory (Azure AD, now Microsoft Entra ID)
  • Azure Network Security Groups (NSGs)
  • Azure VPN Gateway
  • Azure IoT Hub
  • Azure Sphere
  • Azure Security Center (now Microsoft Defender for Cloud)
  • Azure Monitor
  • Azure Key Vault


Objective Evidence: 

  • Administrative: documented policies, standards and procedures 
  • Administrative: supporting documentation that demonstrates the "secure practices" used to build platform-specific secure baseline configurations 
  • Technical: screenshots of wireless settings (authentication method, encryption mode, minimum TLS version)


Possible Technology Considerations:

  • Secure Baseline Configurations (SBC)


What needs to be answered:

Is wireless access restricted to authenticated, authorized users and devices, and is it encrypted according to industry best practices, i.e. using FIPS 140-validated cryptographic modules?  


Checks for AWS

  • Implement Authentication for Wireless Access
    Description: This check ensures that authentication mechanisms protect wireless access to the system. Organizations should authenticate both individuals and devices, paying particular attention to the diverse range of Internet of Things (IoT) devices that may have wireless access to organizational systems. A shared Wi-Fi passphrase or an open SSID does not identify an individual or device; per-user credentials (e.g. EAP-TLS or directory-backed 802.1X) and per-device certificates (e.g. X.509 mutual TLS for AWS IoT Core things) do.
  • Enable Encryption for Wireless Access
    Description: This check verifies that encryption is enabled for wireless access so that data transmitted over wireless networks is protected in confidentiality and integrity. Encryption protects sensitive information from unauthorized interception and tampering; the cryptography used should be provided by FIPS 140-validated modules (for example, the FIPS endpoints offered by AWS services) with TLS 1.2 or later.


Checks for Azure

  • Implement Authentication for Wireless Access in Azure:
    Description: This check ensures that authentication mechanisms protect wireless access to systems hosted in Azure. Both individuals and devices must be authenticated, with special attention to the wide variety of IoT devices that may have wireless access to organizational systems (for example, per-device identities in Azure IoT Hub backed by X.509 certificates or SAS tokens, and user access governed by Azure AD). The check confirms that wireless access is restricted to authorized users and devices.
  • Enable Encryption for Wireless Access in Azure:
    Description: This check verifies that encryption is enabled for wireless access to Azure-hosted systems. Note that FIPS 140 is not an encryption algorithm: it is the standard against which cryptographic modules are validated. The check therefore confirms that wireless communications are encrypted with TLS 1.2 or later using FIPS-approved algorithms provided by validated modules, giving confidentiality and integrity for data in transit and protecting it from unauthorized interception and tampering.


More Details: CUI is contained in cloud-based systems and not on the internal network.