Enable an authorized version of Wi-Fi Protected Access.


CONTROL ID: 04832
CONTROL TYPE: Configuration
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Configure Wireless Access Points in accordance with organizational standards. (CC ID: 12477)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • Banks should ensure all wireless traffic leverages at least AES encryption used with at least WPA2 protection. Banks should ensure wireless networks use authentication protocols such as EAP/TLS or PEAP, which provide credential protection and mutual authentication. (Critical components of information security 28) xi., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • Unclassified wireless networks must use WiFi Protected Access-2 enterprise with Extensible Authentication Protocol-Transport Layer Security, WiFi Protected Access-2 enterprise with Protected Extensible Authentication Protocol-Extensible Authentication Protocol-Transport Layer Security, WiFi Protecte… (Control: 0541, Australian Government Information Security Manual: Controls)
  • Sensitive and classified wireless networks must use WiFi Protected Access-2 enterprise with Extensible Authentication Protocol-Transport Layer Security for mutual authentication. (Control: 1321, Australian Government Information Security Manual: Controls)
  • WPA or WPA2 Enterprise mode with 802.1X authentication and AES encryption is recommended for WLAN networks. (4.4.3 A, Information Supplement: PCI DSS Wireless Guidelines, Version 2.0)
  • § 4.2.1.A Enable Wi-Fi Protected Access (WPA or WPA2) and make sure that default PSKs are changed for Access Points. Enterprise mode is recommended. § 4.4.1.A WPA or WPA2 Enterprise mode with 802.1X authentication and AES encryption is recommended for WLAN networks. § 4.4.1.B It is recommended th… (§ 4.2.1.A, § 4.4.1.A, § 4.4.1.B, § 4.4.1.C, § 4.6.1.B, Payment Card Industry (PCI) Information Supplement: PCI DSS Wireless Guideline)
  • Ensure that all wireless traffic leverages at least Advanced Encryption Standard (AES) encryption used with at least Wi-Fi Protected Access 2 (WPA2) protection. (Control 15.5, The CIS Critical Security Controls for Effective Cyber Defense, Version 6.0)
  • The organization should verify all wireless traffic uses at least Advanced Encryption Standard with WiFi Protected Access 2 protection. (Critical Control 7.9, Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0)
  • Leverage the Advanced Encryption Standard (AES) to encrypt wireless data in transit. (CIS Control 15: Sub-Control 15.7 Leverage the Advanced Encryption Standard (AES) to Encrypt Wireless Data, CIS Controls, 7.1)
  • Leverage the Advanced Encryption Standard (AES) to encrypt wireless data in transit. (CIS Control 15: Sub-Control 15.7 Leverage the Advanced Encryption Standard (AES) to Encrypt Wireless Data, CIS Controls, V7)
  • Wi-Fi Protected Access and Wired Equivalent Privacy cryptographic algorithms do not meet the Federal Information Processing Standards 140-2 requirements and require additional security controls if they are being used. (§ 5.5.7.2 ¶ 1, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • The agency shall enable Wired Equivalent Privacy and Wi-Fi Protected Access for wireless implementations and when Wired Equivalent Privacy and Wi-Fi Protected Access security features are used for wireless security in conjunction with the criminal justice information services required minimum encryp… (§ 5.5.7.2 ¶ 2(2), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • Agencies must implement boundary protection devices throughout their system architecture, including routers, firewalls, switches, and intrusion detection systems to protect FTI and FTI systems. The agency’s managed interfaces employing boundary protection must deny network traffic by default and a… (3.3.6 ¶ 1, Internal Revenue Service, Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies, Rev. 11-2021)
  • Has Wired Equivalent Privacy, WiFi Protected Access, or Wireless Priority Service Program for the Wireless Local Area Network access points, wireless routers, and wireless bridges been enabled? (IT - WLANS Q 9i, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)