This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization disables, when not intended for use, wireless networking capabilities internally embedded within information system components prior to issuance and deployment.
NIST 800-53 (r4) Supplemental Guidance:
Related control: AC-19.
NIST 800-53 (r5) Discussion:
Wireless networking capabilities that are embedded within system components represent a significant potential vulnerability that can be exploited by adversaries. Disabling wireless capabilities when not needed for essential organizational missions or functions can reduce susceptibility to threats by adversaries involving wireless technologies.
38North Guidance:
Meets Minimum Requirement:
For any component used within the information system that has wireless capabilities that are not needed, ensure that those capabilities are disabled to support the principle of least functionality (CM-7 security control).
Best Practice:
All devices that are capable of providing wireless technologies should be configured to provide only the specific mechanisms needed to support the information system. If wireless technologies are neither needed nor used within the information system and devices have wireless capabilities, then those capabilities should be disabled prior to deployment.
Unofficial FedRAMP Guidance: None.
Assessment Evidence:
Ticket showing that wireless capabilities are disabled for all devices, if necessary.
Screenshots of all devices capable of providing wireless, showing that the capability is disabled.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD