This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization selects radio antennas and calibrates transmission power levels to reduce the probability that usable signals can be received outside of organization-controlled boundaries.
NIST 800-53 (r4) Supplemental Guidance:
Actions that may be taken by organizations to limit unauthorized use of wireless communications outside of organization-controlled boundaries include, for example: (i) reducing the power of wireless transmissions so that the transmissions are less likely to emit a signal that can be used by adversaries outside of the physical perimeters of organizations; (ii) employing measures such as TEMPEST to control wireless emanations; and (iii) using directional/beam forming antennas that reduce the likelihood that unintended receivers will be able to intercept signals. Prior to taking such actions, organizations can conduct periodic wireless surveys to understand the radio frequency profile of organizational information systems as well as other systems that may be operating in the area. Related control: PE-19.
NIST 800-53 (r5) Discussion:
Actions that may be taken to limit unauthorized use of wireless communications outside of organization-controlled boundaries include reducing the power of wireless transmissions so that the transmissions are less likely to emit a signal that can be captured outside of the physical perimeters of the organization, employing measures such as emissions security to control wireless emanations, and using directional or beamforming antennas that reduce the likelihood that unintended receivers will be able to intercept signals. Prior to taking such mitigating actions, organizations can conduct periodic wireless surveys to understand the radio frequency profile of organizational systems as well as other systems that may be operating in the area.
38North Guidance:
Meets Minimum Requirement:
If wireless technologies are in use, the CSP must ensure that any wireless signal does not transmit outside of the control of the CSP organization. This can be accomplished by reducing power levels, using directional antennas, and ensuring that wireless equipment is properly located (not near external walls, near other hardwired equipment, etc.).
Best Practice:
CSPs should configure wireless technologies only if needed to support the information system. In the event that wireless technologies are used, the CSP should ensure that all wireless transmissions are accessible and controlled only within the CSP organization.
CSPs should conduct wireless penetration tests to get a better understanding of their wireless topography and output. This can be conducted using a walk-about method and attempting to connect to and access the wireless technology from different locations around the organization.
Unofficial FedRAMP Guidance: None.
Assessment Evidence:
Screenshots showing antenna power output reduction, penetration test results, locations of antennas, etc.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD