253 – Restrict network access

Summary

The access to private wireless networks must be restricted through user credentials and authorized MAC addresses.

Description

When the restriction access through user credentials and MAC addresses is applied, it helps to protect against various Wi-Fi attacks, such as unauthorized access, on-path and rogue devices within the wireless range. By allowing only specific MAC addresses and access with proper credentials, the network administrator can control which devices are permitted to connect.

Supported In

Advanced: True

References

• CIS-13_9. Deploy port-level access control
• SOC2-CC6_6. Logical and physical access controls
• NYSHIELD-5575_B_6. Personal and private information
• PADSS-6_1. The wireless technology must be implemented securely
• PADSS-6_2. For wireless technology, implement strong encryption for authentication and transmission
• CMMC-AC_L2-3_1_12. Control remote access
• CMMC-AC_L2-3_1_16. Wireless access authorization
• CMMC-AC_L2-3_1_17. Wireless access protection
• CMMC-CM_L2-3_4_5. Access restrictions for change
• CMMC-SC_L1-3_13_1. Boundary protection
• HITRUST-01_i. Policy on the use of network services
• HITRUST-09_m. Network controls
• ISO27002-8_21. Security of network services
• IEC62443-IAC-1_6. Wireless access management
• IEC62443-UC-2_2. Wireless use control
• ISSAF-G_14. Network security - Firewalls (countermeasures)
• ISSAF-L_3_1. Network security - WLAN security (types of threats)
• NIST800171-1_16. Authorize wireless access prior to allowing such connections
• NIST800115-4_4_1. Passive wireless scanning
• C2M2-9_2_c. Implement network protections for cybersecurity architecture
• PCI-2_3_1. Wireless environments are configured and managed securely
• PCI-9_2_3. Physical access controls manage entry into systems containing data
• SIGLITE-SL_148. Is there a process that requires security approval to allow external networks to connect to the company network, and enforces the least privilege necessary?
• CAPEC-700. Network Boundary Bridging
• ISO27001-8_21. Security of network services

Last updated

2024/01/18