Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization identifies and explicitly authorizes users allowed to independently configure wireless networking capabilities.
NIST 800-53 (r4) Supplemental Guidance:
Organizational authorizations to allow selected users to configure wireless networking capability are enforced in part, by the access enforcement mechanisms employed within organizational information systems. Related controls: AC-3, SC-15.
NIST 800-53 (r5) Discussion:
Organizational authorizations to allow selected users to configure wireless networking capabilities are enforced, in part, by the access enforcement mechanisms employed within organizational systems.
38North Guidance:
Meets Minimum Requirement:
Official access request form/ticket supporting personnel wireless configuration responsibilities. This form/ticket should have an approval from a manager, system owner, etc. for each supporting personnel.
Evidence of access review to ensure that only necessary personnel are permitted with wireless configuration capabilities.
Best Practice:
CSPs should limit wireless configuration responsibilities to only specific personnel with a justified reason for such responsibilities. Ensure that access control is reviewed and updated along with other account management activities.
Unofficial FedRAMP Guidance: None.
Assessment Evidence:
List of personnel with wireless capability configuration responsibilities.
Authorizations for each personnel with wireless capability configuration responsibilities.
Screen shots of technical implementation showing access control for personnel with wireless configuration responsibilities.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD
Page updated
Report abuse