NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-4(14) Wireless Intrusion Detection

Employ a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises or breaches to the system.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Wireless signals may radiate beyond organizational facilities. Organizations proactively search for unauthorized wireless connections, including the conduct of thorough scans for unauthorized wireless access points. Wireless scans are not limited to those areas within facilities containing systems but also include areas outside of facilities to verify that unauthorized wireless access points are not connected to organizational systems.

Practitioner Notes

Deploy wireless intrusion detection to identify rogue access points, unauthorized wireless connections, and wireless-based attacks.

Example 1: Configure your enterprise wireless controller (Cisco, Aruba) to continuously scan for rogue access points. When an unknown SSID is detected on your premises, the system alerts security and can optionally send deauthentication frames to contain the rogue AP.

Example 2: Use a dedicated wireless IDS sensor (or your existing APs in monitor mode) to detect wireless attacks — deauthentication floods, evil twin attacks, WPA key cracking attempts. Forward wireless security events to your SIEM for correlation with wired network events.
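The triage logic behind Examples 1 and 2, sketched as an added example (not code from NIST or any wireless vendor): observed beacons are compared against an authorized AP inventory, deauthentication frames are counted per scan window, and the findings are emitted as JSON for a SIEM. The inventory, field names, thresholds and sample data are all assumptions made up for this illustration.

```python
import json
from collections import Counter

# Constructed inventory of authorized APs: BSSID -> (SSID, security). Assumption.
AUTHORIZED = {
    "aa:bb:cc:00:00:01": ("CorpNet", "WPA3-Enterprise"),
    "aa:bb:cc:00:00:02": ("CorpNet", "WPA3-Enterprise"),
}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}
ON_PREMISES_RSSI = -65   # dBm; assumed threshold, tune from a site survey
DEAUTH_FLOOD_COUNT = 30  # deauth frames per BSSID per scan window; assumed

def classify_beacon(obs):
    """Label one observed beacon against the authorized inventory."""
    known = AUTHORIZED.get(obs["bssid"].lower())
    if known:
        # A known BSSID advertising unexpected settings: spoofing or misconfiguration.
        return "authorized" if (obs["ssid"], obs["security"]) == known else "authorized_bssid_mismatch"
    if obs["ssid"] in CORP_SSIDS:
        return "evil_twin_suspect"   # corporate SSID from a radio not in inventory
    if obs["rssi"] >= ON_PREMISES_RSSI:
        return "rogue_ap_suspect"    # unknown SSID, strong enough to be on site
    return "neighbor"                # weak unknown signal, likely off premises

def deauth_floods(frames):
    """Return BSSIDs whose deauth frame count in the window meets the threshold."""
    counts = Counter(f["bssid"].lower() for f in frames if f["type"] == "deauth")
    return sorted(b for b, n in counts.items() if n >= DEAUTH_FLOOD_COUNT)

def siem_events(beacons, frames):
    """Build JSON-serializable events for every non-benign finding."""
    events = [{"event": classify_beacon(o), **o} for o in beacons]
    events = [e for e in events if e["event"] not in ("authorized", "neighbor")]
    events += [{"event": "deauth_flood", "bssid": b} for b in deauth_floods(frames)]
    return events

# Constructed sample input for one scan window.
BEACONS = [
    {"ssid": "CorpNet", "bssid": "aa:bb:cc:00:00:01", "security": "WPA3-Enterprise", "rssi": -48},
    {"ssid": "CorpNet", "bssid": "de:ad:be:ef:00:01", "security": "Open", "rssi": -55},
    {"ssid": "linksys", "bssid": "12:34:56:78:9a:bc", "security": "WPA2-Personal", "rssi": -50},
    {"ssid": "CafeGuest", "bssid": "66:77:88:99:aa:bb", "security": "Open", "rssi": -82},
]
FRAMES = [{"type": "deauth", "bssid": "AA:BB:CC:00:00:02"}] * 35 + [{"type": "deauth", "bssid": "aa:bb:cc:00:00:01"}] * 3

if __name__ == "__main__":
    for event in siem_events(BEACONS, FRAMES):
        print(json.dumps(event))
```

Signal strength alone does not prove an AP is inside the facility, so a rogue_ap_suspect finding is a prompt for physical location and wired-side correlation rather than a verdict.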