NIST 800-53 REV 5 • ACCESS CONTROL
AC-18 — Wireless Access
Establish configuration requirements, connection requirements, and implementation guidance for each type of wireless access; and authorize each type of wireless access to the system prior to allowing such connections.
Supplemental Guidance
Wireless technologies include microwave, packet radio (ultra-high frequency or very high frequency), 802.11x, and Bluetooth. Wireless networks use authentication protocols that provide authenticator protection and mutual authentication.
Practitioner Notes
Wireless access introduces unique risks: signals travel through walls, and attackers can intercept them from the parking lot. You need to protect, authenticate, and encrypt all wireless connections.
Example 1: Configure your enterprise WiFi using WPA3-Enterprise with 802.1X authentication against RADIUS (NPS in Windows Server). Users authenticate with their AD credentials via EAP-TLS (certificate-based) rather than a shared password.
Example 2: Create a separate guest WiFi network on a dedicated VLAN that has internet access only — no route to your internal network. Configure the guest portal to require acceptance of an acceptable use policy before granting access. Log all guest connections with MAC addresses and timestamps.
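One way to check the "no route to your internal network" requirement from Example 2 is to evaluate the guest VLAN's firewall rules in order and report any internal range they leave reachable. This is an added example, not part of the control text or the notes above. Assumptions: IPv4 only, first-match rule evaluation, "internal" means the RFC 1918 ranges, and the rule tuples, subnet, and function name are constructed for illustration.

```python
import ipaddress as ip

# Assumption: "internal" means the RFC 1918 private ranges.
INTERNAL = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def guest_exposure(guest_cidr, rules, default="deny"):
    """Internal ranges a guest client can reach under ordered first-match rules.

    rules: (action, src_cidr, dst_cidr) tuples in a constructed, vendor-neutral form.
    """
    guest = ip.ip_network(guest_cidr)
    undecided = []  # internal space no rule has matched yet
    for net in INTERNAL:
        if guest.subnet_of(net) and guest != net:
            undecided += net.address_exclude(guest)  # guest subnet is not "internal"
        elif not net.overlaps(guest):
            undecided.append(net)
    exposed = []
    for action, src, dst in rules:
        src, dst = ip.ip_network(src), ip.ip_network(dst)
        # An allow counts if it covers any guest address; a deny only if it covers all.
        if not src.overlaps(guest) or (action == "deny" and not guest.subnet_of(src)):
            continue
        remaining = []
        for net in undecided:
            if not net.overlaps(dst):
                remaining.append(net)
                continue
            hit = net if net.subnet_of(dst) else dst  # CIDRs either nest or are disjoint
            if action == "allow":
                exposed.append(hit)
            if hit != net:
                remaining += net.address_exclude(hit)
        undecided = remaining
    if default == "allow":
        exposed += undecided
    return sorted(exposed)

# Constructed sample: guest VLAN 192.168.50.0/24 with a "printer" exception
# placed ahead of the internal deny rules.
GUEST = "192.168.50.0/24"
RULES = [
    ("allow", GUEST, "10.20.30.0/24"),
    ("deny", GUEST, "10.0.0.0/8"),
    ("deny", GUEST, "172.16.0.0/12"),
    ("deny", GUEST, "192.168.0.0/16"),
    ("allow", GUEST, "0.0.0.0/0"),
]

if __name__ == "__main__":
    for net in guest_exposure(GUEST, RULES):
        print("guest VLAN can reach internal range:", net)
```

An empty result means every internal range is denied before the internet-only allow rule; any range returned is a finding to fix or to document as an authorized exception.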