Back

Enable or disable all wireless interfaces, as necessary.


CONTROL ID
05755
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure Wireless Access Points in accordance with organizational standards., CC ID: 12477

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Ensure wireless interfaces are disabled Description: Wireless networking is used when wired networks are unavailable. Rationale: If wireless is not to be used, wireless devices should be disabled to reduce the potential attack surface. Remediation Procedure: Run the following script to disable any w… (3.1.2, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 1)
  • Ensure wireless interfaces are disabled Description: Wireless networking is used when wired networks are unavailable. Rationale: If wireless is not to be used, wireless devices should be disabled to reduce the potential attack surface. Remediation Procedure: Run the following script to disable any w… (3.1.2, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 2)
  • Title: Turn on Airplane Mode Description: Airplane Mode disables all receivers and transceivers on a mobile device. When Airplane Mode is on, no cellular voice, cellular data, GPS, radio, Wi-Fi, or Bluetooth signals are emitted from or received by the device. It is recommended that Airplane Mode… (1.1.17, The Center for Internet Security Apple iOS 7 Level 2 Benchmark, 1.0.0)
  • Title: Deactivate Wireless Interfaces Description: Wireless networking is used when wired networks are unavailable. CentOS contains a wireless tool kit to allow system administrators to configure and use wireless networks. Rationale: If wireless is not to be used, wireless devices can be disable… (Rule: xccdf_org.cisecurity.benchmarks_rule_5.3.1_Deactivate_Wireless_Interfaces Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_5.3.1.1_, The Center for Internet Security CentOS 6 Level 1 Benchmark, 1.0.0)
  • Title: Deactivate Wireless Interfaces Description: Wireless networking is used when wired networks are unavailable. Red Hat contains a wireless tool kit to allow system administrators to configure and use wireless networks. Rationale: If wireless is not to be used, wireless devices can be disa… (Rule:xccdf_org.cisecurity.benchmarks_rule_4.3.1_Deactivate_Wireless_Interfaces Artifact Expression:xccdf_org.cisecurity.benchmarks_ae_4.3.1.1_, The Center for Internet Security Red Hat Enterprise Linux 6 Level 1 Benchmark, 1.2.0)
  • Title: Deactivate Wireless Interfaces Description: Wireless networking is used when wired networks are unavailable. Red Hat contains a wireless tool kit to allow system administrators to configure and use wireless networks. Rationale: If wireless is not to be used, wireless devices can be disa… (Rule:xccdf_org.cisecurity.benchmarks_rule_4.3.1_Deactivate_Wireless_Interfaces Artifact Expression:xccdf_org.cisecurity.benchmarks_ae_4.3.1.1_, The Center for Internet Security Red Hat Enterprise Linux 6 Level 2 Benchmark, 1.2.0)
  • Ensure wireless interfaces are disabled Description: Wireless networking is used when wired networks are unavailable. CentOS Linux contains a wireless tool kit to allow system administrators to configure and use wireless networks. Rationale: If wireless is not to be used, wireless devices can be dis… (3.5, CIS Oracle Linux 8 Benchmark, Server Level 1, v1.0.1)
  • Ensure wireless interfaces are disabled Description: Wireless networking is used when wired networks are unavailable. CentOS Linux contains a wireless tool kit to allow system administrators to configure and use wireless networks. Rationale: If wireless is not to be used, wireless devices can be dis… (3.5, CIS Oracle Linux 8 Benchmark, Server Level 2, v1.0.1)
  • The organization should disable wireless peripheral access for all devices, such as Bluetooth, unless the access is required. (Critical Control 7.13, Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0)
  • The organization disables, when not intended for use, wireless networking capabilities internally embedded within information system components prior to issuance and deployment. (AC-18(3) ¶ 1, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • The organization must disable all unused wireless computing capabilities that are embedded in interconnected Department of Defense Information Technology assets before issuing to end users. (ECWN-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation)
  • The organization disables, when not intended for use, wireless networking capabilities internally embedded within information system components prior to issuance and deployment. (AC-18(3) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment. (AC-18(3) ¶ 1, FedRAMP Security Controls High Baseline, Version 5)
  • Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment. (AC-18(3) ¶ 1, FedRAMP Security Controls Moderate Baseline, Version 5)
  • Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment. (AC-18 (CE-3): Disable Wireless Networking:, Internal Revenue Service, Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies, Rev. 11-2021)
  • All wireless interfaces should be enabled or disabled as appropriate. Technical Mechanisms: via ifconfig Parameters: enabled / disabled References: Section: 2.5.2.2.2, Value: disabled (CCE-4276-2, Common Configuration Enumeration List, Combined XML: Red Hat Enterprise Linux 5, 5.20130214)
  • The Wireless Zero Configuration service should be enabled or disabled as appropriate. Technical Mechanisms: (1) defined by the Services Administrative Tool (2) definied by Group Policy Parameters: (1) disabled/manual/automatic References: CCE-604 Wireless Zero Configuration (CCE-4244-0, Common Configuration Enumeration List, Combined XML: Windows 2000, 5.20130214)
  • Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment. (AC-18(3) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment. (AC-18(3) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Disable, when not intended for use, wireless networking capabilities prior to issuance and deployment. (03.01.16 c., NIST SP 800-171 Rev. 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations)
  • Wireless networking capabilities that are internally embedded in Information System components should be disabled prior to being issued and deployed. (App F § AC-18(3), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • Install or replace network hubs, routers, and switches. (T0126, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)
  • The organization disables, when not intended for use, wireless networking capabilities internally embedded within information system components prior to issuance and deployment. (AC-18(3), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization disables, when not intended for use, wireless networking capabilities internally embedded within information system components prior to issuance and deployment. (AC-18(3) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment. (AC-18(3) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment. (AC-18(3) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Ensure wired network interfaces (e.g., Ethernet) are disconnected or otherwise disabled when wireless network connections are being used. Similarly, disable the wireless function when connected to a wired network. This ensures the device cannot be accidentally or intentionally used as a bridging or … (REMOTE ACCESS CONNECTIONS ¶ 4, Standard 662S2: Client Systems Security, 662S2-03)