Remove all unauthorized wireless access points.


CONTROL ID
11856
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Wireless Local Area Network Configuration Management program. (CC ID: 01646)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Verify the organization's incident response plan includes a response in the event unauthorized wireless devices are detected. (§ 11.1.c, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0)
  • Verify the organization's Incident Response Plan (Requirement 12.9) includes a response in the event unauthorized wireless devices are detected. (§ 11.1.e Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
  • There should be documented standards / procedures for controlling wireless access to the network, which cover detection of unauthorized Wireless Access Points and wireless devices. (CF.09.06.02d, The Standard of Good Practice for Information Security)
  • There should be documented standards / procedures for controlling wireless access to the network, which cover detection of unauthorized Wireless Access Points and wireless devices. (CF.09.06.02d, The Standard of Good Practice for Information Security, 2013)
  • The organization should deactivate all unauthorized access points. (Critical Control 7.3, Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0)
  • For wireless devices, the organization must shut down access points when they are not in use. (CSR 10.10.5(3), Pub 100-17 Medicare Business Partners Systems Security, Transmittal 7, Appendix A: CMS Core Security Requirements CSR, March 17, 2006)