15.4: Disable Wireless Access on Devices if Not Required
Disable wireless access on devices that do not have a business purpose for wireless access.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Devices |
Protect |
3 |
Dependencies
Sub-control 1.4: Maintain Detailed Asset Inventory
Sub-control 1.5: Maintain Asset Inventory Information
Inputs
The list of endpoints
Operations
Enumerate all wireless-access-capable endpoints
- For each identified endpoint:
Determine whether the device has an identified business purpose for wireless access
Examine the endpoint’s configuration to determine whether wireless access is enabled
Enumerate all endpoints with wireless access enabled and without an identified business purpose for wireless access
Enumerate all endpoints without wireless access enabled and without an identified business purpose for wireless access
Enumerate all endpoints with wireless access enabled and with an identified business purpose for wireless access
Measures
M1 = List of all wireless-access-capable endpoints
M2 = List of endpoints with wireless access enabled and without an identified business purpose for wireless access
M3 = List of endpoints without wireless access enabled and without an identified business purpose
M4 = List of endpoints with wireless access enabled and with an identified business purpose for wireless access
M5 = Count of wireless-access-capable endpoints (count of M1)
M6 = Count of endpoints with wireless access enabled and without an identified business purpose for wireless access (count of M2)
M7 = Count of endpoints without wireless access enabled and without an identified business purpose (count of M3)
M8 = Count of endpoints with wireless access enabled and with an identified business purpose for wireless access (count of M4)
M9 = M7 + M8
Metrics
Coverage
Metric |
The ratio of appropriately configured wireless-access-capable endpoints to the total
number of wireless-access-capable endpoints
|
Calculation |
|