Scan for unknown workstations and other network devices and default deny access

Status: Live

The organization will ensure that it employs tools and techniques to scan for unknown network devices, and by default ensure that access is denied until the device has been approved. [UCF ID 00536]

Supporting and supported controls

This control directly supports:

There are no supporting controls.

Authority documents complied with:

FFIEC IT Examination Handbook – Information Security, Exam Tier II Obj B.2; FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006, § 3; The National Strategy to Secure Cyberspace, February 2003, Pg 47; Recommended Security Controls for Federal Information Systems, NIST SP 800-53, Revision 2, AC-19; Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A, July 2008, AC-19.4; The Standard of Good Practice for Information Security, CI1.4.5(c), CI1.4.5(d), NW1.2.2(k), NW2.3.5(b), NW2.4.2(d), NW3.1.3(c), NW3.1.3(d); OECD / World Bank Technology Risk Checklist, Version 7.3, § IV.21; Guide to Securing Legacy IEEE 802.11 Wireless Networks, NIST SP 800-48 Revision 1, Revision 1, § 6.1; Archer Control Table, ATCS-232; Payment Card Industry (PCI) Information Supplement: PCI DSS Wireless Guideline, Version 1.2, July 2009, § 4.6.1.A

Banking and Finance Guidance

[Exam Tier II Obj B.2, FFIEC IT Examination Handbook – Information Security]

Payment Card Guidance

An organization must require explicit management approval to use wireless networks in the Cardholder Data Environment (CDE). Any unsanctioned wireless must be removed from the CDE. [§ 4.6.1.A, Payment Card Industry (PCI) Information Supplement: PCI DSS Wireless Guideline, Version 1.2, July 2009]

US Federal Security Guidance

Calls for Access Control (AC): Organizations must limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems) and to the types of transactions and functions that authorized users are permitted to exercise. [§ 3, FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006]

Asks federal agencies to consider installing systems that continuously check for unauthorized connections to their networks. [Pg 47, The National Strategy to Secure Cyberspace, February 2003]

NIST Guidance

Portable and other mobile devices should be disallowed from network access unless they first meet organizational security policies and procedures. This might be said of any type of device as well. [AC-19, Recommended Security Controls for Federal Information Systems, NIST SP 800-53, Revision 2]

Test the system by connecting unauthorized portable and mobile devices to the system and ensure the unauthorized devices are detected and identified by the organization's personnel. [AC-19.4, Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A, July 2008]

The organization should use wireless sniffers and other tools to periodically check for rogue access points (APs) and unauthorized access. [§ 6.1, Guide to Securing Legacy IEEE 802.11 Wireless Networks, NIST SP 800-48 Revision 1, Revision 1]

General Guidance

Automated tools should be used to check the system for the existence of unauthorized systems and wireless networks and to prevent unauthorized devices from connecting to the network. [CI1.4.5(c), CI1.4.5(d), NW1.2.2(k), NW2.3.5(b), NW2.4.2(d), NW3.1.3(c), NW3.1.3(d), The Standard of Good Practice for Information Security]

EU Guidance

Controls should be in place to detect modem scanning attempts on your system. [§ IV.21, OECD / World Bank Technology Risk Checklist, Version 7.3]


Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.


Site and content © Copyright 2003-2009 Network Frontiers, LLC. All rights reserved.