NIST 800-53 REV 5 • ACCESS CONTROL

AC-18(3)Disable Wireless Networking

Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment.

CMMC Practice Mapping

NIST 800-171 Mapping

Related Controls

No related controls listed

Supplemental Guidance

Wireless networking capabilities that are embedded within system components represent a significant potential vulnerability that can be exploited by adversaries. Disabling wireless capabilities when not needed for essential organizational missions or functions can reduce susceptibility to threats by adversaries involving wireless technologies.

Practitioner Notes

In some environments, the right answer is to disable wireless entirely. If wireless is not needed for the mission, turning it off eliminates the risk completely.

Example 1: In environments processing classified data, physically disable WiFi and Bluetooth on all devices. In the BIOS, disable the wireless NIC. Via GPO, disable the Windows WiFi service: Computer Configuration → Windows Settings → Security Settings → System Services → WLAN AutoConfig → Disabled.

Example 2: Use Intune device configuration profiles to disable WiFi on devices that must only use wired connections. Under Device restrictions → General → Wi-Fi, set to Block. For additional assurance, use USB port blockers on wireless adapters and document the policy in your SSP.

More Access Control Controls

AC-1 Policy and Procedures AC-2 Account Management AC-2(1) Automated System Account Management AC-2(2) Automated Temporary and Emergency Account Management