CIS Control 15

CIS Control 15: Wireless Access Control

The processes and tools used to track/control/prevent/correct the secure use of wireless local area networks (WLANs), access points, and wireless client systems.

15.1: Maintain an Inventory of Authorized Wireless Access Points

  • Maintain an inventory of authorized wireless access points connected to the wired network.

15.2: Detect Wireless Access Points Connected to the Wired Network

  • Configure network vulnerability scanning tools to detect and alert on unauthorized wireless access points connected to the wired network.

15.3: Use a Wireless Intrusion Detection System

  • Use a wireless intrusion detection system (WIDS) to detect and alert on unauthorized wireless access points connected to the network.

15.4: Disable Wireless Access on Devices if Not Required

  • Disable wireless access on devices that do not have a business purpose for wireless access.

15.5: Limit Wireless Access on Client Devices

  • Configure wireless access on client machines that do have an essential wireless business purpose, to allow access only to authorized wireless networks and to restrict access to other wireless networks.

15.6: Disable Peer-to-Peer Wireless Network Capabilities on Wireless Clients

  • Disable peer-to-peer (ad hoc) wireless network capabilities on wireless clients.

15.7: Leverage the Advanced Encryption Standard (AES) to Encrypt Wireless Data

  • Leverage the Advanced Encryption Standard (AES) to encrypt wireless data in transit.

15.8: Use Wireless Authentication Protocols That Require Mutual, Multi-Factor Authentication

  • Ensure that wireless networks use authentication protocols, such as Extensible Authentication Protocol-Transport Layer Security (EAP/TLS), that require mutual, multi-factor authentication.

15.9: Disable Wireless Peripheral Access to Devices

  • Enforce detailed audit logging for access to sensitive data or changes to sensitive data (utilizing tools such as File Integrity Monitoring or Security Information and Event Monitoring).

15.10: Create Separate Wireless Network for Personal and Untrusted Devices

  • Create a separate wireless network for personal or untrusted devices. Enterprise access from this network should be treated as untrusted and filtered and audited accordingly.
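
One way to turn 15.1, 15.3, 15.6 and 15.7 into an automated check, added here as an illustration and not taken from the CIS text or any vendor tool: compare what a wireless sensor observes against the authorized access point inventory and report each deviation. The `Observation` fields, the finding strings and all MAC addresses and SSIDs are constructed assumptions; matching on BSSID shows only what is on the air and does not by itself establish that a device is attached to the wired network.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    bssid: str   # radio MAC address reported by the sensor
    ssid: str    # advertised network name
    mode: str    # "infrastructure" or "adhoc"
    cipher: str  # pairwise cipher: "CCMP", "GCMP", "TKIP", "WEP" or "NONE"

# 15.1 inventory: authorized BSSID -> expected SSID (constructed values)
INVENTORY = {
    "02:00:00:aa:00:01": "corp-wlan",
    "02:00:00:aa:00:02": "corp-wlan",
    "02:00:00:aa:00:03": "guest-wlan",
}
AES_CIPHERS = {"CCMP", "GCMP"}  # both are AES-based (15.7)

def audit(observations, inventory=INVENTORY):
    """Return sorted (bssid, finding) tuples, one per policy violation."""
    findings = []
    known_ssids = set(inventory.values())
    for o in observations:
        bssid = o.bssid.lower()  # sensors differ in MAC letter case
        if o.mode == "adhoc":
            findings.append((bssid, "15.6 ad hoc network in use"))
        elif bssid not in inventory:
            # An unlisted radio reusing an inventoried SSID rates a higher-priority alert.
            if o.ssid in known_ssids:
                findings.append((bssid, "15.3 unlisted AP advertising authorized SSID"))
            else:
                findings.append((bssid, "15.3 AP not in inventory"))
        else:
            if inventory[bssid] != o.ssid:
                findings.append((bssid, "15.1 SSID differs from inventory"))
            if o.cipher.upper() not in AES_CIPHERS:
                findings.append((bssid, "15.7 non-AES cipher " + o.cipher))
    return sorted(findings)

# Constructed sensor output for illustration only.
SAMPLE = [
    Observation("02:00:00:AA:00:01", "corp-wlan", "infrastructure", "CCMP"),
    Observation("02:00:00:aa:00:02", "corp-wlan", "infrastructure", "TKIP"),
    Observation("02:00:00:bb:00:09", "corp-wlan", "infrastructure", "CCMP"),
    Observation("02:00:00:cc:00:07", "printer-setup", "infrastructure", "NONE"),
    Observation("02:00:00:dd:00:05", "laptop-share", "adhoc", "NONE"),
]

if __name__ == "__main__":
    for bssid, finding in audit(SAMPLE):
        print(bssid, finding)
```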

Figure: System Entity Relationship Diagram

Copyright 2019, New Net Technologies LLC. All rights reserved. 