CIS Control 15

CIS Control 15: Wireless Access Control

The processes and tools used to track/control/prevent/correct the secure use of wireless local area networks (WLANs), access points, and wireless client systems.

15.1: Maintain an Inventory of Authorized Wireless Access Points

  • Maintain an inventory of authorized wireless access points connected to the wired network.

15.2: Detect Wireless Access Points Connected to the Wired Network

  • Configure network vulnerability scanning tools to detect and alert on unauthorized wireless access points connected to the wired network.

15.3: Use a Wireless Intrusion Detection System

  • Use a wireless intrusion detection system (WIDS) to detect and alert on unauthorized wireless access points connected to the network.

15.4: Disable Wireless Access on Devices if Not Required

  • Disable wireless access on devices that do not have a business purpose for wireless access.

15.5: Limit Wireless Access on Client Devices

  • Configure wireless access on client machines that do have an essential wireless business purpose, to allow access only to authorized wireless networks and to restrict access to other wireless networks.

15.6: Disable Peer-to-Peer Wireless Network Capabilities on Wireless Clients

  • Disable peer-to-peer (ad hoc) wireless network capabilities on wireless clients.

15.7: Leverage the Advanced Encryption Standard (AES) to Encrypt Wireless Data

  • Leverage the Advanced Encryption Standard (AES) to encrypt wireless data in transit.

15.8: Use Wireless Authentication Protocols That Require Mutual, Multi-Factor Authentication

  • Ensure that wireless networks use authentication protocols, such as Extensible Authentication Protocol-Transport Layer Security (EAP/TLS), that require mutual, multi-factor authentication.

15.9: Disable Wireless Peripheral Access to Devices

  • Enforce detailed audit logging for access to sensitive data or changes to sensitive data (utilizing tools such as File Integrity Monitoring or Security Information and Event Monitoring).

15.10: Create Separate Wireless Network for Personal and Untrusted Devices

  • Create a separate wireless network for personal or untrusted devices. Enterprise access from this network should be treated as untrusted and filtered and audited accordingly.
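
Added example (not part of the CIS text or of any vendor product): a sketch of how the inventory from 15.1 can drive the checks in 15.3, 15.6, 15.7 and 15.8 when run over WIDS observations. The record fields, finding names and sample observations are constructed assumptions; seen_on_wire stands for a correlation with wired-side MAC tables that a real sensor or switch would have to supply.

```python
from collections import namedtuple

# Hypothetical observation record; field names are assumptions, not a WIDS schema.
Obs = namedtuple("Obs", "bssid ssid mode cipher akm eap seen_on_wire")

AES_CIPHERS = {"CCMP", "GCMP"}  # the AES-based 802.11 cipher suites (15.7)

# Constructed inventory of authorized access points, keyed by BSSID (15.1).
AUTHORIZED_APS = {
    "02:00:00:aa:00:01": {"ssid": "corp-wlan", "location": "HQ floor 1"},
    "02:00:00:aa:00:02": {"ssid": "corp-wlan", "location": "HQ floor 2"},
}

# Constructed sample observations (locally administered MAC addresses).
OBSERVATIONS = [
    Obs("02:00:00:AA:00:01", "corp-wlan", "infrastructure", "CCMP", "802.1X", "TLS", True),
    Obs("02:00:00:aa:00:02", "corp-wlan", "infrastructure", "TKIP", "PSK", None, True),
    Obs("02:00:00:bb:00:09", "corp-wlan", "infrastructure", "CCMP", "PSK", None, False),
    Obs("02:00:00:cc:00:07", "printer-setup", "infrastructure", "NONE", "OPEN", None, True),
    Obs("02:00:00:dd:00:03", "laptop-share", "adhoc", "NONE", "OPEN", None, False),
    Obs("02:00:00:ee:00:05", "cafe-guest", "infrastructure", "CCMP", "PSK", None, False),
]

def audit(observations, inventory):
    """Return sorted (bssid, finding) pairs for every policy deviation."""
    known_ssids = {ap["ssid"] for ap in inventory.values()}
    findings = set()
    for obs in observations:
        bssid = obs.bssid.lower()          # normalise before the inventory lookup
        if obs.mode == "adhoc":            # 15.6: peer-to-peer network in range
            findings.add((bssid, "adhoc-network"))
            continue
        entry = inventory.get(bssid)
        if entry is None:                  # 15.1 / 15.3: not in the inventory
            if obs.seen_on_wire:
                findings.add((bssid, "unauthorized-ap-on-wired-network"))
            if obs.ssid in known_ssids:
                findings.add((bssid, "unknown-ap-using-authorized-ssid"))
            continue                       # unrelated neighbouring APs are ignored
        if obs.ssid != entry["ssid"]:
            findings.add((bssid, "ssid-differs-from-inventory"))
        if obs.cipher not in AES_CIPHERS:  # 15.7: TKIP, WEP or open
            findings.add((bssid, "non-aes-cipher"))
        if (obs.akm, obs.eap) != ("802.1X", "TLS"):  # 15.8: EAP-TLS expected
            findings.add((bssid, "auth-not-eap-tls"))
    return sorted(findings)

if __name__ == "__main__":
    for bssid, finding in audit(OBSERVATIONS, AUTHORIZED_APS):
        print(bssid, finding)
```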

Figure: System Entity Relationship Diagram
