NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-4(15) Wireless to Wireline Communications

Employ an intrusion detection system to monitor wireless communications traffic as the traffic passes from wireless to wireline networks.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Wireless networks are inherently less secure than wired networks. For example, wireless networks are more susceptible to eavesdroppers or traffic analysis than wireline networks. When wireless to wireline communications exist, the wireless network could become a port of entry into the wired network. Given the greater facility of unauthorized network access via wireless access points compared to unauthorized wired network access from within the physical boundaries of the system, additional monitoring of transitioning traffic between wireless and wired networks may be necessary to detect malicious activities. Employing intrusion detection systems to monitor wireless communications traffic helps to ensure that the traffic does not contain malicious code prior to transitioning to the wireline network.

Practitioner Notes

Monitor the connection between your wireless and wired networks to detect threats that use wireless access as an entry point into your wired infrastructure.

Example 1: Monitor all traffic crossing from your wireless VLAN to your wired network through a firewall or IDS sensor at the junction point. Apply the same inspection policies to wireless-to-wired traffic that you apply to internet-to-internal traffic.

Example 2: Require 802.1X authentication for wireless clients and monitor authentication events. A device that authenticates on the wireless network and immediately starts scanning wired subnets should trigger an alert in your SIEM.
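The correlation described in Example 2, as an added illustration (not part of the NIST control text or any vendor product): 802.1X accept events from a RADIUS server are joined with firewall logs taken at the wireless-to-wired junction, and a client that touches many distinct wired hosts shortly after authenticating is flagged. The log line format, the sample events and the thresholds are all constructed assumptions for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: AUTH lines from a RADIUS server, FW lines from the
# firewall at the wireless/wired junction. The format is an assumption here.
SAMPLE_LOGS = """
2024-05-01T09:00:00 AUTH client=10.20.0.15 user=alice result=accept
2024-05-01T09:00:03 FW src=10.20.0.15 dst=10.1.0.10 dport=445 action=deny
2024-05-01T09:00:04 FW src=10.20.0.15 dst=10.1.0.11 dport=445 action=deny
2024-05-01T09:00:04 FW src=10.20.0.15 dst=10.1.0.12 dport=445 action=deny
2024-05-01T09:00:05 FW src=10.20.0.15 dst=10.1.0.13 dport=22 action=deny
2024-05-01T09:00:05 FW src=10.20.0.15 dst=10.1.0.14 dport=22 action=deny
2024-05-01T09:00:06 FW src=10.20.0.15 dst=10.1.0.15 dport=3389 action=deny
2024-05-01T09:01:00 AUTH client=10.20.0.22 user=bob result=accept
2024-05-01T09:01:10 FW src=10.20.0.22 dst=10.1.0.50 dport=443 action=allow
2024-05-01T09:01:12 FW src=10.20.0.22 dst=10.1.0.50 dport=443 action=allow
2024-05-01T09:02:00 AUTH client=10.20.0.30 user=carol result=reject
"""

WINDOW = timedelta(seconds=60)  # how soon after the 802.1X accept we look for fan-out
HOST_THRESHOLD = 5              # distinct wired hosts contacted inside the window

def parse_line(line):
    """Split '<ISO time> <TYPE> k=v ...' into (timestamp, type, {k: v})."""
    ts, kind, *fields = line.split()
    return datetime.fromisoformat(ts), kind, dict(f.split("=", 1) for f in fields)

def find_fanout(log_text, window=WINDOW, threshold=HOST_THRESHOLD):
    """Return {client_ip: sorted wired hosts} for wireless clients that pass 802.1X
    and then contact at least `threshold` distinct wired hosts within `window`."""
    auth_times = defaultdict(list)   # client ip -> [accept timestamps]
    contacts = defaultdict(list)     # client ip -> [(timestamp, wired dst)]
    for line in log_text.strip().splitlines():
        ts, kind, kv = parse_line(line)
        if kind == "AUTH" and kv.get("result") == "accept":
            auth_times[kv["client"]].append(ts)
        elif kind == "FW":
            contacts[kv["src"]].append((ts, kv["dst"]))
    alerts = {}
    for client, accepts in auth_times.items():
        for t0 in accepts:
            hosts = {dst for ts, dst in contacts[client] if t0 <= ts <= t0 + window}
            if len(hosts) >= threshold:
                alerts[client] = sorted(hosts)
    return alerts

if __name__ == "__main__":
    for client, hosts in find_fanout(SAMPLE_LOGS).items():
        print(f"ALERT {client} touched {len(hosts)} wired hosts right after 802.1X accept")
```

In a SIEM the same join is expressed as a correlation rule keyed on the client address; the threshold and window should be tuned against a baseline of how many wired hosts a freshly authenticated wireless client normally contacts.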