NIST 800-53 REV 5 • ACCESS CONTROL

AC-18(1) Authentication and Encryption

Protect wireless access to the system using authentication of [Selection (one or more): users; devices] and encryption.

Supplemental Guidance

Wireless networking capabilities represent a significant potential vulnerability that can be exploited by adversaries. To protect systems with wireless access points, strong authentication of users and devices along with strong encryption can reduce susceptibility to threats by adversaries involving wireless technologies.

Practitioner Notes

Wireless connections must use strong authentication and encryption. Open WiFi networks and weak encryption (WEP, WPA-Personal) are not acceptable for enterprise use.

Example 1: Configure your wireless access points for WPA3-Enterprise (or WPA2-Enterprise minimum) with AES-CCMP encryption. Use 802.1X with EAP-TLS for certificate-based authentication. Configure RADIUS accounting to log all wireless authentication events.
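One way to check an access point against the settings in Example 1, as an added example that is not part of the original page. It assumes the access point runs hostapd and audits its hostapd.conf; the sample configurations and RADIUS addresses are constructed, and accepting CCMP-256/GCMP ciphers alongside CCMP is an assumption of this sketch.

```python
# Added example, not from the original page; assumes a hostapd-based AP.
ENTERPRISE_AKMS = {"WPA-EAP", "WPA-EAP-SHA256", "WPA-EAP-SUITE-B-192"}
PERSONAL_AKMS = {"WPA-PSK", "WPA-PSK-SHA256", "SAE"}
AES_CIPHERS = {"CCMP", "CCMP-256", "GCMP", "GCMP-256"}
# Constructed sample configs; addresses are documentation-range placeholders.
WEAK = """ssid=corp
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_passphrase=constructed-placeholder
"""
HARDENED = """ssid=corp
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=192.0.2.10
acct_server_addr=192.0.2.10
"""

def parse_hostapd(text):
    """Map key -> value for 'key=value' lines, skipping comments and blanks."""
    pairs = (ln.split("=", 1) for ln in map(str.strip, text.splitlines())
             if ln and not ln.startswith("#") and "=" in ln)
    return {k.strip(): v.strip() for k, v in pairs}

def audit(text):
    """Return findings against the settings above; an empty list is a pass."""
    c, out = parse_hostapd(text), []
    akms = set(c.get("wpa_key_mgmt", "").split())
    wpa = int(c.get("wpa", "0"))  # bit 1 (2) = RSN/WPA2+, bit 0 (1) = legacy WPA
    if wpa == 0:
        out.append("open or WEP network: RSN not enabled (want wpa=2)")
    elif wpa & 1:
        out.append("legacy WPA enabled alongside RSN (want wpa=2)")
    if any(k.startswith("wep_key") for k in c):
        out.append("WEP key configured")
    if akms & PERSONAL_AKMS or "wpa_passphrase" in c or "wpa_psk" in c:
        out.append("pre-shared key (Personal) mode enabled")
    if not akms & ENTERPRISE_AKMS or c.get("ieee8021x") != "1":
        out.append("802.1X Enterprise key management not enforced")
    ciphers = set((c.get("rsn_pairwise") or c.get("wpa_pairwise", "")).split())
    if not ciphers or not ciphers <= AES_CIPHERS:
        out.append("pairwise ciphers are not AES-only (TKIP or unset)")
    for key, what in (("auth_server_addr", "authentication"),
                      ("acct_server_addr", "accounting")):
        if key not in c:
            out.append(f"no RADIUS {what} server configured")
    return out
```

With an external RADIUS server the EAP method (EAP-TLS) and its certificates are configured on the RADIUS server and the client, not in hostapd.conf, so that part of Example 1 has to be verified there.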

Example 2: In Intune, push a WiFi profile to managed devices that pre-configures the enterprise SSID with the correct certificates and 802.1X settings. Devices that are not Intune-managed cannot connect to the enterprise WiFi because they lack the required certificates.