UCF ID: 00536 | Control Type: Testing | Status: Live
Supporting and supported controls
This control directly supports:
- Establish and maintain documentation for controlling the network configuration. [UCF Control ID 00530]
There are no supporting controls.
Authority documents complied with:
FFIEC IT Examination Handbook – Information Security, Exam Tier II Obj B.2; FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006, § 3; The National Strategy to Secure Cyberspace, February 2003, Pg 47; Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A, July 2008, AC-19.4; The Standard of Good Practice for Information Security, CI1.4.5(c), CI1.4.5(d), NW1.2.2(k), NW2.3.5(b), NW2.4.2(d), NW3.1.3(c), NW3.1.3(d); OECD / World Bank Technology Risk Checklist, Version 7.3, § IV.21; Guide to Securing Legacy IEEE 802.11 Wireless Networks, NIST SP 800-48, Revision 1, § 6.1 (WLAN security assessments); Payment Card Industry (PCI) Information Supplement: PCI DSS Wireless Guideline, Version 1.2, July 2009, § 4.6.1.A; The Center for Internet Security Wireless Networking Benchmark, Version 1.0, April 2005, § 2.2 (2.2.150); ISO/IEC 13335-4 Information technology — Guidelines for the management of IT Security — Part 4: Selection of safeguards, 2000, ¶ 8.2.4(5)(6), ¶ 9.2 Table Row “Network Monitoring”, ¶ 9.2 Table Row “Intrusion Detection”
Banking and Finance Guidance
[Exam Tier II Obj B.2, FFIEC IT Examination Handbook – Information Security]
Payment Card Guidance
An organization must require explicit management approval to use wireless networks in the Cardholder Data Environment (CDE). Any unsanctioned wireless network must be removed from the CDE. [§ 4.6.1.A, Payment Card Industry (PCI) Information Supplement: PCI DSS Wireless Guideline, Version 1.2, July 2009]
US Federal Security Guidance
Calls for Access Control (AC): Organizations must limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems) and to the types of transactions and functions that authorized users are permitted to exercise. [§ 3, FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006]
Asks federal agencies to consider installing systems that continuously check for unauthorized connections to their networks. [Pg 47, The National Strategy to Secure Cyberspace, February 2003]
NIST Guidance
Test the system by connecting unauthorized portable and mobile devices to the system and ensure the unauthorized devices are detected and identified by the organization's personnel. [AC-19.4, Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A, July 2008]
The organization should use wireless sniffers and other tools to periodically check for rogue access points (APs) and unauthorized access. [§ 6.1(WLAN security assessments), Guide to Securing Legacy IEEE 802.11 Wireless Networks, NIST SP 800-48, Revision 1]
Other Configuration Guidance
The organization should periodically test the WLAN for the presence of unauthorized or rogue bridges, stations, and/or access points. Organizations that do not have a WLAN should also perform wireless screenings periodically. [§ 2.2 (2.2.150), The Center for Internet Security Wireless Networking Benchmark, Version 1.0 April 2005]
ISO Guidance
¶ 8.2.4(5)(6) Network Management. An organization should implement safeguards to achieve network management, which includes planning, operation and administration of networks. The proper configuration and administration of networks is an effective means to reduce risks. Safeguards in the area of network management are listed below.
5. Network Monitoring
Network monitoring should be used to identify weaknesses within the existing network configuration. It allows the network to be reconfigured based on traffic analysis and helps to identify attackers.
6. Intrusion Detection
Attempts to gain entry to systems or networks and successful unauthorized entry should be detected so that the organization can respond in an appropriate and effective manner.
¶ 9.2 Table Row “Network Monitoring” in safeguard Network Management should be implemented under normal circumstances for Servers or Workstations with Shared Resources Connected to a Network.
¶ 9.2 Table Row “Intrusion Detection” in safeguard Network Management should be implemented under normal circumstances for Servers or Workstations with Shared Resources Connected to a Network. [¶ 8.2.4(5)(6), ¶ 9.2 Table Row “Network Monitoring”, ¶ 9.2 Table Row “Intrusion Detection”, ISO/IEC 13335-4 Information technology — Guidelines for the management of IT Security — Part 4: Selection of safeguards, 2000]
General Guidance
Automated tools should be used to check the system for the existence of unauthorized systems and wireless networks and to prevent unauthorized devices from connecting to the network. [CI1.4.5(c), CI1.4.5(d), NW1.2.2(k), NW2.3.5(b), NW2.4.2(d), NW3.1.3(c), NW3.1.3(d), The Standard of Good Practice for Information Security]
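The NIST SP 800-48, CIS Wireless Networking Benchmark and ISF guidance above all come down to the same periodic check: compare what a wireless survey actually observes against the organization's documented inventory of approved access points (the documentation that supporting control 00530 calls for). The following script is an added illustration of that check and is not code from UCF or from any of the authority documents cited. It assumes the survey tool exports one `bssid,ssid,channel,rssi` record per line and that the inventory is kept as a BSSID-to-approved-SSID mapping; both the inventory and the scan below are constructed sample data.

```python
"""Periodic rogue access point check against an authorized AP inventory.

Added example (not UCF, NIST, CIS or ISF code). Assumed input format:
one "bssid,ssid,channel,rssi_dbm" record per line from a site survey
export. All sample data below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Observation:
    bssid: str      # normalized, lower-case, colon-separated
    ssid: str
    channel: int
    rssi_dbm: int


# Constructed inventory: BSSID -> the SSID that AP is approved to broadcast.
AUTHORIZED_APS: Dict[str, str] = {
    "00:11:22:33:44:01": "corp-wifi",
    "00:11:22:33:44:02": "corp-wifi",
    "00:11:22:33:44:03": "corp-guest",
}

# Constructed survey export. Note the dash-separated BSSID on line 3 and the
# unknown AP on line 4 that advertises the corporate SSID.
SAMPLE_SCAN = """\
00:11:22:33:44:01,corp-wifi,6,-48
00:11:22:33:44:03,corp-guest,11,-60
00-11-22-33-44-02,corp-wifi,1,-55
de:ad:be:ef:00:01,corp-wifi,6,-40
ca:fe:ca:fe:00:02,CoffeeShop-Free,1,-72
"""


def normalize_bssid(bssid: str) -> str:
    """Canonical form so tools that emit 00-11-.. and 00:11:.. compare equal."""
    return bssid.strip().lower().replace("-", ":")


def parse_scan(text: str) -> List[Observation]:
    """Parse the assumed CSV-style survey export; blank and '#' lines are skipped."""
    observations: List[Observation] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        bssid, ssid, channel, rssi = (f.strip() for f in line.split(",", 3))
        observations.append(
            Observation(normalize_bssid(bssid), ssid, int(channel), int(rssi))
        )
    return observations


def classify(obs: Observation, authorized: Dict[str, str]) -> str:
    """Label one observed AP relative to the inventory.

    authorized          BSSID is in inventory and broadcasts its approved SSID
    misconfigured_ap    inventory BSSID broadcasting some other SSID
    suspected_evil_twin unknown BSSID broadcasting one of our SSIDs
    unknown_ap          unknown BSSID, foreign SSID (often a neighbour; triage,
                        do not assume rogue)
    """
    expected = authorized.get(obs.bssid)
    if expected is None:
        if obs.ssid in set(authorized.values()):
            return "suspected_evil_twin"
        return "unknown_ap"
    if obs.ssid != expected:
        return "misconfigured_ap"
    return "authorized"


def run_check(
    scan_text: str, authorized: Dict[str, str] = AUTHORIZED_APS
) -> Tuple[Dict[str, List[Observation]], List[str]]:
    """Group observations by finding and list inventory APs that were not seen.

    An unseen authorized AP is a finding too: it may be offline, relocated,
    or simply out of range of this survey point, and should be reconciled
    against the inventory rather than silently ignored.
    """
    observations = parse_scan(scan_text)
    findings: Dict[str, List[Observation]] = {}
    for obs in observations:
        findings.setdefault(classify(obs, authorized), []).append(obs)
    seen = {o.bssid for o in observations}
    missing = sorted(set(authorized) - seen)
    return findings, missing


if __name__ == "__main__":
    results, not_seen = run_check(SAMPLE_SCAN)
    for label, items in sorted(results.items()):
        for o in items:
            print(f"{label:20} {o.bssid}  {o.ssid!r:20} ch{o.channel:<3} {o.rssi_dbm} dBm")
    for bssid in not_seen:
        print(f"{'missing_authorized':20} {bssid}")
```

The check is only as good as the inventory it is compared against, which is why this control depends on the configuration documentation of control 00530. A BSSID is also not a strong identity: an attacker-controlled AP can clone an approved BSSID, so this comparison catches misconfigured and plainly unauthorized APs but should be backed by wireless IDS sensors or controller-side rogue detection for the cloned case. Because neighbouring networks legitimately show up as `unknown_ap`, the `suspected_evil_twin` and `misconfigured_ap` findings are the ones that warrant immediate follow-up; the PCI guidance above requires removal of anything unsanctioned that is found inside the CDE.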
EU Guidance
Controls should be in place to detect modem scanning attempts on your system. [§ IV.21, OECD / World Bank Technology Risk Checklist, Version 7.3]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.
