Restrict network access
Summary
Access to private wireless networks must be restricted through user credentials and authorized MAC addresses.
Description
Restricting access through user credentials and MAC addresses helps protect against various Wi-Fi attacks, such as unauthorized access, on-path attacks and rogue devices within the wireless range. By allowing only specific MAC addresses and requiring proper credentials, the network administrator can control which devices are permitted to connect.
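One way to check an access point for both controls, as an added example that is not part of the original requirement: the script audits a hostapd configuration for a MAC allowlist and per-user 802.1X authentication. hostapd as the access point software, the reading of "user credentials" as 802.1X, and the sample SSID, RADIUS address and file path are assumptions made for illustration.

```python
# Added example (not from the original page): audit a hostapd.conf for both
# controls. Assumption: "user credentials" means 802.1X (WPA-EAP), not a PSK.

def parse_hostapd(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return findings; an empty list means both controls are configured."""
    conf, findings = parse_hostapd(text), []
    # macaddr_acl: 0 = accept unless denied, 1 = allowlist, 2 = external RADIUS.
    acl = conf.get("macaddr_acl", "0")
    if acl == "0":
        findings.append("mac: no allowlist, any MAC not denied is accepted")
    elif acl == "1" and not conf.get("accept_mac_file"):
        findings.append("mac: macaddr_acl=1 but accept_mac_file is not set")
    elif acl not in ("1", "2"):
        findings.append("mac: unrecognized macaddr_acl value")
    suites = conf.get("wpa_key_mgmt", "").split()
    if conf.get("wpa", "0") == "0":
        findings.append("auth: open network, wpa is 0 or missing")
    elif not any("EAP" in s for s in suites):
        findings.append("auth: no EAP key management, no per-user credentials")
    elif conf.get("ieee8021x", "0") != "1":
        findings.append("auth: EAP selected but ieee8021x is not enabled")
    return findings

# Constructed sample configurations (SSID, address and path are placeholders).
WEAK = """ssid=corp-example
wpa=2
wpa_key_mgmt=WPA-PSK
macaddr_acl=0
"""
HARDENED = """ssid=corp-example
wpa=2
wpa_key_mgmt=WPA-EAP
ieee8021x=1
auth_server_addr=192.0.2.10
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
"""

if __name__ == "__main__":
    print({"weak": audit(WEAK), "hardened": audit(HARDENED)})
```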
Supported In
This requirement is verified in the following services:
Plan | Supported |
---|---|
Essential | 🔴 |
Advanced | 🟢 |
References
- CIS-13_9. Deploy port-level access control
- SOC2®-CC6_6. Logical and physical access controls
- NY SHIELD Act-5575_B_6. Personal and private information
- PA-DSS-6_1. The wireless technology must be implemented securely
- PA-DSS-6_2. For wireless technology, implement strong encryption for authentication and transmission
- CMMC-AC_L2-3_1_12. Control remote access
- CMMC-AC_L2-3_1_16. Wireless access authorization
- CMMC-AC_L2-3_1_17. Wireless access protection
- CMMC-CM_L2-3_4_5. Access restrictions for change
- CMMC-SC_L1-3_13_1. Boundary protection
- HITRUST CSF-01_i. Policy on the use of network services
- HITRUST CSF-09_m. Network controls
- ISO/IEC 27002-8_21. Security of network services
- ISA/IEC 62443-IAC-1_6. Wireless access management
- ISA/IEC 62443-UC-2_2. Wireless use control
- ISSAF-G_14. Network security - Firewalls (countermeasures)
- ISSAF-L_3_1. Network security - WLAN security (types of threats)
- NIST 800-171-1_16. Authorize wireless access prior to allowing such connections
- NIST 800-115-4_4_1. Passive wireless scanning
- C2M2-9_2_c. Implement network protections for cybersecurity architecture
- PCI DSS-2_3_1. Wireless environments are configured and managed securely
- PCI DSS-9_2_3. Physical access controls manage entry into systems containing data
- SIG Lite-SL_148. Is there a process that requires security approval to allow external networks to connect to the company network, and enforces the least privilege necessary?
- CAPEC™-700. Network Boundary Bridging
- ISO/IEC 27001-8_21. Security of network services