Disable Service Set Identifier broadcast.


CONTROL ID: 04590
CONTROL TYPE: Configuration
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Configure Wireless Access Points in accordance with organizational standards., CC ID: 12477

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • The organization should enable Service Set Identifier broadcasting on wireless networks. (Control: 1318, Australian Government Information Security Manual: Controls)
  • Has the Service Set Identifier been encrypted or moved from the default windows registry folder? (App Table 802.11 Row 3, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • The SSID broadcast mode should be disabled in order to require users to know what the SSID is before being able to associate it with the device. (§ 2.3.1 (2.3.1.090), The Center for Internet Security Wireless Networking Benchmark, 1)
  • The SSID broadcast mode should be disabled. (§ 1.2 (2.3.1.090), The Center for Internet Security Wireless Networking Benchmark, Apple Addendum, 1)
  • The SSID broadcast mode should be disabled. (§ 1.2 (2.3.1.090), The Center for Internet Security Wireless Networking Benchmark, Cisco Addendum, 1)
  • The SSID broadcast mode should be disabled. (§ 1.2 (2.3.1.090), The Center for Internet Security Wireless Networking Benchmark, DLINK Addendum, 1)
  • The SSID broadcast mode should be disabled. (§ 1.2 (2.3.1.090), The Center for Internet Security Wireless Networking Benchmark, Linksys Addendum, 1)
  • Change the SSID. Do not advertise organization names in the SSID broadcast, or include information that may be useful for attackers (such as the location of the AP). (4.2.3 C, Information Supplement: PCI DSS Wireless Guidelines, Version 2.0)
  • Do not advertise organization names in the SSID broadcast. (§ 4.2.1.C, Payment Card Industry (PCI) Information Supplement: PCI DSS Wireless Guideline)
  • The organization must disable service set identifier broadcasting for wireless devices. (CSR 10.10.5, Pub 100-17 Medicare Business Partners Systems Security, Transmittal 7, Appendix A: CMS Core Security Requirements CSR, March 17, 2006)
  • The SSID broadcast mode should be disabled, and any wireless LAN access points that do not allow the SSID broadcast mode to be disabled should not be used by the organization. Examine the wireless LAN configuration for each access point or security gateway by viewing the configuration screen to ensu… (§ 3.1 (WIR0150), DISA WIRELESS SECURITY CHECKLIST, Version 5, Release 2.2, Version 5, Release 2.2)
  • The agency shall disable the broadcast service set identifier. (§ 5.5.7.1(8), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • Change the default service set identifier (SSID) in the APs. Disable the broadcast SSID feature so that the client SSID must match that of the AP. Validate that the SSID character string does not contain any agency identifiable information (division, department, street, etc.) or services. (§ 5.13.1.1 ¶ 2(8), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • Change the default service set identifier (SSID) in the APs. Disable the broadcast SSID feature so that the client SSID must match that of the AP. Validate that the SSID character string does not contain any agency identifiable information (division, department, street, etc.) or services. (§ 5.13.1.1 ¶ 2 8., Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • Has the broadcast feature setting for the Wireless Local Area Network access points, wireless routers, and wireless bridges been disabled? (IT - WLANS Q 9b, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Wireless access points should be configured to have a unique service set identifier (SSID), disable SSID broadcast, and enable MAC filtering at a minimum. (§ 6.2.1.5 ICS-specific Recommendations and Guidance ¶ 1 Bullet 4, Guide to Industrial Control Systems (ICS) Security, Revision 2)