This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization employs a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises/breaches to the information system.
NIST 800-53 (r4) Supplemental Guidance:
Wireless signals may radiate beyond the confines of organization-controlled facilities. Organizations proactively search for unauthorized wireless connections including the conduct of thorough scans for unauthorized wireless access points. Scans are not limited to those areas within facilities containing information systems, but also include areas outside of facilities as needed, to verify that unauthorized wireless access points are not connected to the systems. Related controls: AC-18, IA-3.
NIST 800-53 (r5) Discussion:
Wireless signals may radiate beyond organizational facilities. Organizations proactively search for unauthorized wireless connections, including the conduct of thorough scans for unauthorized wireless access points. Wireless scans are not limited to those areas within facilities containing systems but also include areas outside of facilities to verify that unauthorized wireless access points are not connected to organizational systems.
38North Guidance:
Meets Minimum Requirement:
Employ a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises/breaches to the information systems. Note: Most providers do not permit wireless functionality within the network environment.
Best Practice: If the information system offers wireless capabilities, the WIDS should be configured with a centralized management solution. In addition to a centralized management console, WIDS events and logging information should be forwarded to the information system's SIEM solution for storage, protection, and correlation purposes. If any intrusion is detected, an alert should be generated and sent to the personnel responsible for mitigating such events. The information system's incident response team should also be alerted, and the IR capability should be visited to ensure that the situation is fully addressed and documented.
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Configuration settings of wireless intrusion detection tools, showing the events that are monitored for system components.
CSP Implementation Tips: None