| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
AC-18 |
FedRAMP_High_R4_AC-18 |
FedRAMP High AC-18 |
Access Control |
Wireless Access |
Shared |
n/a |
The organization:
a. Establishes usage restrictions, configuration/connection requirements, and implementation guidance for wireless access; and
b. Authorizes wireless access to the information system prior to allowing such connections.
Supplemental Guidance: Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication. Related controls: AC-2, AC-3, AC-17, AC-19, CA-3, CA-7, CM-8, IA-2, IA-3, IA-8, PL-4, SI-4.
References: NIST Special Publications 800-48, 800-94, 800-97. |
link |
2 |
| FedRAMP_High_R4 |
AC-18(1) |
FedRAMP_High_R4_AC-18(1) |
FedRAMP High AC-18 (1) |
Access Control |
Authentication And Encryption |
Shared |
n/a |
The information system protects wireless access to the system using authentication of [Selection
(one or more): users; devices] and encryption.
Supplemental Guidance: Related controls: SC-8, SC-13. |
link |
3 |
| FedRAMP_Moderate_R4 |
AC-18 |
FedRAMP_Moderate_R4_AC-18 |
FedRAMP Moderate AC-18 |
Access Control |
Wireless Access |
Shared |
n/a |
The organization:
a. Establishes usage restrictions, configuration/connection requirements, and implementation guidance for wireless access; and
b. Authorizes wireless access to the information system prior to allowing such connections.
Supplemental Guidance: Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication. Related controls: AC-2, AC-3, AC-17, AC-19, CA-3, CA-7, CM-8, IA-2, IA-3, IA-8, PL-4, SI-4.
References: NIST Special Publications 800-48, 800-94, 800-97. |
link |
2 |
| FedRAMP_Moderate_R4 |
AC-18(1) |
FedRAMP_Moderate_R4_AC-18(1) |
FedRAMP Moderate AC-18 (1) |
Access Control |
Authentication And Encryption |
Shared |
n/a |
The information system protects wireless access to the system using authentication of [Selection
(one or more): users; devices] and encryption.
Supplemental Guidance: Related controls: SC-8, SC-13. |
link |
3 |
| hipaa |
0301.09o1Organizational.123-09.o |
hipaa-0301.09o1Organizational.123-09.o |
0301.09o1Organizational.123-09.o |
03 Portable Media Security |
0301.09o1Organizational.123-09.o 09.07 Media Handling |
Shared |
n/a |
The organization, based on the data classification level, registers media (including laptops) prior to use, places reasonable restrictions on how such media are used, and provides an appropriate level of physical and logical protection (including encryption) for media containing covered information until properly destroyed or sanitized. |
|
14 |
| hipaa |
0504.09m2Organizational.5-09.m |
hipaa-0504.09m2Organizational.5-09.m |
0504.09m2Organizational.5-09.m |
05 Wireless Security |
0504.09m2Organizational.5-09.m 09.06 Network Security Management |
Shared |
n/a |
Firewalls are configured to deny or control any traffic from a wireless environment into the covered data environment. |
|
4 |
| hipaa |
0858.09m1Organizational.4-09.m |
hipaa-0858.09m1Organizational.4-09.m |
0858.09m1Organizational.4-09.m |
08 Network Protection |
0858.09m1Organizational.4-09.m 09.06 Network Security Management |
Shared |
n/a |
The organization monitors for all authorized and unauthorized wireless access to the information system and prohibits installation of wireless access points (WAPs) unless explicitly authorized in writing by the CIO or his/her designated representative. |
|
7 |
| hipaa |
0861.09m2Organizational.67-09.m |
hipaa-0861.09m2Organizational.67-09.m |
0861.09m2Organizational.67-09.m |
08 Network Protection |
0861.09m2Organizational.67-09.m 09.06 Network Security Management |
Shared |
n/a |
To identify and authenticate devices on local and/or wide area networks, including wireless networks, the information system uses either a (i) shared known information solution, or (ii) an organizational authentication solution, the exact selection and strength of which is dependent on the security categorization of the information system. |
|
7 |
| ISO27001-2013 |
A.13.1.1 |
ISO27001-2013_A.13.1.1 |
ISO 27001:2013 A.13.1.1 |
Communications Security |
Network controls |
Shared |
n/a |
Networks shall be managed and controlled to protect information in systems and applications. |
link |
40 |
| ISO27001-2013 |
A.13.2.1 |
ISO27001-2013_A.13.2.1 |
ISO 27001:2013 A.13.2.1 |
Communications Security |
Information transfer policies and procedures |
Shared |
n/a |
Formal transfer policies, procedures and controls shall be in place to protect the transfer of information through the use of all types of communication facilities. |
link |
32 |
| ISO27001-2013 |
A.6.2.1 |
ISO27001-2013_A.6.2.1 |
ISO 27001:2013 A.6.2.1 |
Organization of Information Security |
Mobile device policy |
Shared |
n/a |
A policy and supporting security measures shall be adopted to manage the risks introduced by using mobile devices. |
link |
13 |
| NIST_SP_800-171_R2_3 |
.1.16 |
NIST_SP_800-171_R2_3.1.16 |
NIST SP 800-171 R2 3.1.16 |
Access Control |
Authorize wireless access prior to allowing such connections |
Shared |
Microsoft is responsible for implementing this requirement. |
Establishing usage restrictions and configuration/connection requirements for wireless access to the system provides criteria for organizations to support wireless access authorization decisions. Such restrictions and requirements reduce the susceptibility to unauthorized access to the system through wireless technologies. Wireless networks use authentication protocols which provide credential protection and mutual authentication. [SP 800-97] provides guidance on secure wireless networks. |
link |
2 |
| NIST_SP_800-171_R2_3 |
.1.17 |
NIST_SP_800-171_R2_3.1.17 |
NIST SP 800-171 R2 3.1.17 |
Access Control |
Protect wireless access using authentication and encryption |
Shared |
Microsoft is responsible for implementing this requirement. |
Organizations authenticate individuals and devices to help protect wireless access to the system. Special attention is given to the wide variety of devices that are part of the Internet of Things with potential wireless access to organizational systems. See [NIST CRYPTO]. |
link |
3 |
| NIST_SP_800-53_R4 |
AC-18 |
NIST_SP_800-53_R4_AC-18 |
NIST SP 800-53 Rev. 4 AC-18 |
Access Control |
Wireless Access |
Shared |
n/a |
The organization:
a. Establishes usage restrictions, configuration/connection requirements, and implementation guidance for wireless access; and
b. Authorizes wireless access to the information system prior to allowing such connections.
Supplemental Guidance: Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication. Related controls: AC-2, AC-3, AC-17, AC-19, CA-3, CA-7, CM-8, IA-2, IA-3, IA-8, PL-4, SI-4.
References: NIST Special Publications 800-48, 800-94, 800-97. |
link |
2 |
| NIST_SP_800-53_R4 |
AC-18(1) |
NIST_SP_800-53_R4_AC-18(1) |
NIST SP 800-53 Rev. 4 AC-18 (1) |
Access Control |
Authentication And Encryption |
Shared |
n/a |
The information system protects wireless access to the system using authentication of [Selection
(one or more): users; devices] and encryption.
Supplemental Guidance: Related controls: SC-8, SC-13. |
link |
3 |
| NIST_SP_800-53_R5 |
AC-18 |
NIST_SP_800-53_R5_AC-18 |
NIST SP 800-53 Rev. 5 AC-18 |
Access Control |
Wireless Access |
Shared |
n/a |
a. Establish configuration requirements, connection requirements, and implementation guidance for each type of wireless access; and
b. Authorize each type of wireless access to the system prior to allowing such connections. |
link |
2 |
| NIST_SP_800-53_R5 |
AC-18(1) |
NIST_SP_800-53_R5_AC-18(1) |
NIST SP 800-53 Rev. 5 AC-18 (1) |
Access Control |
Authentication and Encryption |
Shared |
n/a |
Protect wireless access to the system using authentication of [Selection (OneOrMore): users;devices] and encryption. |
link |
3 |
| PCI_DSS_v4.0 |
1.3.3 |
PCI_DSS_v4.0_1.3.3 |
PCI DSS v4.0 1.3.3 |
Requirement 01: Install and Maintain Network Security Controls |
Network access to and from the cardholder data environment is restricted |
Shared |
n/a |
NSCs are installed between all wireless networks and the CDE, regardless of whether the wireless network is a CDE, such that:
• All wireless traffic from wireless networks into the CDE is denied by default.
• Only wireless traffic with an authorized business purpose is allowed into the CDE. |
link |
2 |
| PCI_DSS_v4.0 |
11.2.2 |
PCI_DSS_v4.0_11.2.2 |
PCI DSS v4.0 11.2.2 |
Requirement 11: Test Security of Systems and Networks Regularly |
Wireless access points are identified and monitored, and unauthorized wireless access points are addressed |
Shared |
n/a |
An inventory of authorized wireless access points is maintained, including a documented business justification. |
link |
2 |
| PCI_DSS_v4.0 |
2.3.1 |
PCI_DSS_v4.0_2.3.1 |
PCI DSS v4.0 2.3.1 |
Requirement 02: Apply Secure Configurations to All System Components |
Wireless environments are configured and managed securely |
Shared |
n/a |
For wireless environments connected to the CDE or transmitting account data, all wireless vendor defaults are changed at installation or are confirmed to be secure, including but not limited to:
• Default wireless encryption keys.
• Passwords or wireless access points.
• SNMP defaults.
• Any other security-related wireless vendor defaults. |
link |
3 |
| PCI_DSS_v4.0 |
2.3.2 |
PCI_DSS_v4.0_2.3.2 |
PCI DSS v4.0 2.3.2 |
Requirement 02: Apply Secure Configurations to All System Components |
Wireless environments are configured and managed securely |
Shared |
n/a |
For wireless environments connected to the CDE or transmitting account data, wireless encryption keys are changed as follows:
• Whenever personnel with knowledge of the key leave the company or the role for which the knowledge was necessary.
• Whenever a key is suspected of or known to be compromised. |
link |
3 |
| PCI_DSS_v4.0 |
4.2.1.2 |
PCI_DSS_v4.0_4.2.1.2 |
PCI DSS v4.0 4.2.1.2 |
Requirement 04: Protect Cardholder Data with Strong Cryptography During Transmission Over Open, Public Networks |
PAN is protected with strong cryptography during transmission |
Shared |
n/a |
Wireless networks transmitting PAN or connected to the CDE use industry best practices to implement strong cryptography for authentication and transmission. |
link |
3 |
| SWIFT_CSCF_v2022 |
1.4 |
SWIFT_CSCF_v2022_1.4 |
SWIFT CSCF v2022 1.4 |
1. Restrict Internet Access & Protect Critical Systems from General IT Environment |
Control/Protect Internet access from operator PCs and systems within the secure zone. |
Shared |
n/a |
All general-purpose and dedicated operator PCs, as well as systems within the secure zone, have controlled direct internet access in line with business. |
link |
11 |
| SWIFT_CSCF_v2022 |
2.6 |
SWIFT_CSCF_v2022_2.6 |
SWIFT CSCF v2022 2.6 |
2. Reduce Attack Surface and Vulnerabilities |
Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications |
Shared |
n/a |
The confidentiality and integrity of interactive operator sessions that connect to service provider SWIFT-related applications or into the secure zone are safeguarded. |
link |
17 |