Back

Configure the transmit power for wireless technologies to the lowest level possible.


CONTROL ID
04593
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure Wireless Access Points in accordance with organizational standards., CC ID: 12477

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Instead of deploying a small number of wireless access points that broadcast on high power, a greater number of wireless access points that use less broadcast power are deployed to achieve the desired footprint. (Security Control: 1338; Revision: 1, Australian Government Information Security Manual, March 2021)
  • The organization should limit the effective communications range for wireless devices by minimizing the output power level. (Control: 0929 Bullet 1, Australian Government Information Security Manual: Controls)
  • The organization should deploy more Wireless Access Points that use minimal broadcast power to achieve the desired wireless network footprint. (Control: 1338, Australian Government Information Security Manual: Controls)
  • Has the organization limited the wireless radius coverage to the windows, and not beyond? (Table Row XIII.6, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Are Access Point channels at least 5 channels different from other nearby wireless networks in order to prevent interference? (App Table 802.11 Row 1, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • The transmit power setting should be set to the lowest possible setting required to balance coverage and security needs. (§ 2.3.1 (2.3.1.060), The Center for Internet Security Wireless Networking Benchmark, 1)
  • The wireless LAN access points transmit power setting should be set to the lowest possible setting required to service the access point area in order to minimize service to unneeded areas. (§ 1.2 (2.3.1.060), The Center for Internet Security Wireless Networking Benchmark, Apple Addendum, 1)
  • The transmit power setting should be set to the lowest possible setting required to service the access point area in order to minimize service to unneeded areas. (§ 1.2 (2.3.1.060), The Center for Internet Security Wireless Networking Benchmark, Cisco Addendum, 1)
  • The transmit power setting should be set to the lowest possible setting required to service the access point area in order to minimize service to unneeded areas. (§ 1.2 (2.3.1.060), The Center for Internet Security Wireless Networking Benchmark, DLINK Addendum, 1)
  • The transmit power setting should be set to the lowest possible setting required to service the access point area in order to minimize service to unneeded areas. (§ 1.2 (2.3.1.060), The Center for Internet Security Wireless Networking Benchmark, Linksys Addendum, 1)
  • Review signal settings and physical placement of APs to provide maximum coverage for the desired service area while minimizing broadcast range outside of the environment. (4.1.1 C, Information Supplement: PCI DSS Wireless Guidelines, Version 2.0)
  • Wireless Access Points should be configured for low power to limit range. (CF.09.06.03a, The Standard of Good Practice for Information Security)
  • Wireless Access Points should be configured for low power to limit range. (CF.09.06.03a, The Standard of Good Practice for Information Security, 2013)
  • The signal strength of the Wireless Access Points should be tuned to minimize leakage to unneeded areas. (Critical Control 7.6, Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0)
  • The organization selects radio antennas and calibrates transmission power levels to reduce the probability that usable signals can be received outside of organization-controlled boundaries. (AC-18(5) ¶ 1, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • The wireless LAN access points transmit power setting should be set to the lowest possible setting required to service the access point area in order to minimize service to unneeded areas. Examine documentation showing the signal strength has been analyzed, and physically inspect the locations of ac… (§ 3.1 (WIR0250), DISA WIRELESS SECURITY CHECKLIST, Version 5, Release 2.2, Version 5, Release 2.2)
  • The agency shall test the access points range boundaries to determine the extent of coverage and to limit the coverage area to only what is operationally needed. (§ 5.5.7.1(4), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • An agency shall set the power level of a Bluetooth device to the lowest level that is necessary and sufficient for the transmissions to stay in the secure perimeter of the organization. (§ 5.5.7.4 ¶ 4(4), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • Test AP range boundaries to determine the precise extent of the wireless coverage and design the AP wireless coverage to limit the coverage area to only what is needed for operational purposes. (§ 5.13.1.1 ¶ 2(4), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • Test AP range boundaries to determine the precise extent of the wireless coverage and design the AP wireless coverage to limit the coverage area to only what is needed for operational purposes. (§ 5.13.1.1 ¶ 2 4., Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • The organization selects radio antennas and calibrates transmission power levels to reduce the probability that usable signals can be received outside of organization-controlled boundaries. (AC-18(5) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Select radio antennas and calibrate transmission power levels to reduce the probability that signals from wireless access points can be received outside of organization-controlled boundaries. (AC-18(5) ¶ 1, FedRAMP Security Controls High Baseline, Version 5)
  • Are proactive measures being used for Wireless Local Area Networks? (IT - WLANS Q 25, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Select radio antennas and calibrate transmission power levels to reduce the probability that signals from wireless access points can be received outside of organization-controlled boundaries. (AC-18(5) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • The power level of Bluetooth devices should be set to the lowest level that is necessary and sufficient to ensure the transmissions stay within the desired perimeter. Bluetooth radios should be either Class 2 or Class 3. Class 1 radios should be avoided because their range is approximately 100 meter… (Table 4-2 Item 8, Table 4-3 Item 2, Guide to Bluetooth Security, NIST SP 800-121, September 2008)
  • The organization selects radio antennas and calibrates transmission power levels to reduce the probability that usable signals can be received outside of organization-controlled boundaries. (AC-18(5) ¶ 1 High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • § 6.2 Par 3-4 The organization should ensure the signal strength is set to the appropriate level, so that the signal does not leave the coverage area or overlap with other APs. Antennas can assist with signal containment. For example, when appropriate, using wall-mounted antennas that propagate sig… (§ 6.2 Par 3-4, § 6.3.3.2 (Changing default channel and power output), Guide to Securing Legacy IEEE 802.11 Wireless Networks, NIST SP 800-48, Revision 1)
  • Bluetooth should be configured to use the least amount of power needed for connections. (§ 4.1.6, Guidelines on Cell Phone and PDA Security, NIST SP 800-124, October 2008)
  • Wireless communications should be confined to organization-controlled boundaries. (App F § AC-18(5), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization selects radio antennas and calibrates transmission power levels to reduce the probability that usable signals can be received outside of organization-controlled boundaries. (AC-18(5), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The information system protects external and internal {organizationally documented wireless links} from {organizationally documented types of signal parameter attacks or references to sources for such attacks}. (SC-40 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization selects radio antennas and calibrates transmission power levels to reduce the probability that usable signals can be received outside of organization-controlled boundaries. (AC-18(5), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization selects radio antennas and calibrates transmission power levels to reduce the probability that usable signals can be received outside of organization-controlled boundaries. (AC-18(5) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The organization selects radio antennas and calibrates transmission power levels to reduce the probability that usable signals can be received outside of organization-controlled boundaries. (AC-18(5) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • The information system protects external and internal [Assignment: organization-defined wireless links] from [Assignment: organization-defined types of signal parameter attacks or references to sources for such attacks]. (SC-40 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Select radio antennas and calibrate transmission power levels to reduce the probability that signals from wireless access points can be received outside of organization-controlled boundaries. (AC-18(5) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Protect external and internal [Assignment: organization-defined wireless links] from the following signal parameter attacks: [Assignment: organization-defined types of signal parameter attacks or references to sources for such attacks]. (SC-40 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Select radio antennas and calibrate transmission power levels to reduce the probability that signals from wireless access points can be received outside of organization-controlled boundaries. (AC-18(5) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Protect external and internal [Assignment: organization-defined wireless links] from the following signal parameter attacks: [Assignment: organization-defined types of signal parameter attacks or references to sources for such attacks]. (SC-40 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Conduct a site survey to determine the proper location of access points (APs), given a desired coverage area. The site survey shall result in a report that proposes the location for each AP, graphically notes its usable coverage area, and assigns it an IEEE 802.11 radio channel. The estimated usable… (PLANNING AND DESIGN ¶ 1, Standard 643S1: Wireless Networks, 643S1-00)
  • Set Bluetooth devices to the lowest necessary and sufficient power level so that transmissions remain within the secure perimeter of the agency. (TECHNICAL CONTROLS ¶ 2, Standard 643S3: Bluetooth Security, 643S3-00)