15.1: Maintain an Inventory of Authorized Wireless Access Points
Maintain an inventory of authorized wireless access points connected to the wired network.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Network |
Identify |
2, 3 |
Dependencies
Sub-control 1.4: Maintain Detailed Asset Inventory
Sub-control 1.5: Maintain Asset Inventory Information
Inputs
The list of wireless access points
Operations
Utilize a discovery tool or process to examine the network topology to collect the “ground truth” list of wireless access points connected to the wired network.
Evaluate the complement of Input 1 and Operation 1 to obtain the list of non-inventoried wireless access points.
Evaluate the intersection of Input 1 and Operation 1 to obtain the list of inventoried wireless access points.
Compare the results of Operation 3 to the inventory to determine which access points in the inventory are noted as not authorized.
Measures
M1 = Count of wireless access points in the inventory (from Input 1)
M2 = List of discovered wireless access points, from Operation 1
M3 = Count of M2
M4 = List of non-inventoried wireless access points, as discovered by Operation 2
M5 = Count of M4
M6 = List of inventoried wireless access points, as discovered by Operation 3
M7 = Count of M6
M8 = List of discovered, but unauthorized, wireless access points, as discovered by Operation 4
M9 = Count of M8
Metrics
Coverage
Metric |
The ratio of discovered wireless access points to the total inventoried list of
wireless access points.
|
Calculation |
|
Inventory Gap
Metric |
Are there any discovered wireless access points that are not contained in the
inventory?
|
Calculation |
|
Unauthorized Usage
Metric |
Are there any discovered wireless access points which are contained in the
inventory but are noted as not authorized?
|
Calculation |
|