15.8: Use Wireless Authentication Protocols That Require Mutual, Multi-Factor Authentication
Ensure that wireless networks use authentication protocols such as Extensible Authentication Protocol-Transport Layer Security (EAP/TLS), that requires mutual, multi-factor authentication.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Network |
Protect |
3 |
Dependencies
Sub-control 1.4: Maintain Detailed Asset Inventory
Sub-control 1.5: Maintain Asset Inventory Information
Inputs
The list of endpoints
The list of authorized authentication protocols
Operations
Enumerate all wireless access points
- For each identified wireless access point, examine its configuration for the following noting appropriately and inappropriately configured endpoints along the way:
Configured authentication protocol (compare to list of authorized authentication protocols)
Enumerate all appropriately configured endpoints
Enumerate all inappropriately configured endpoints
Measures
M1 = List of all wireless access points
M2 = List of appropriately configured wireless access points
M3 = List of inappropriately configured wireless access points
M4 = Count of wireless access points (count of M1)
M5 = Count of appropriately configured wireless access points (count of M2)
M6 = Count of inappropriately configured wireless access points (count of M3)
Metrics
Coverage
Metric |
The ratio of appropriately configured wireless access points to the total number of
wireless access points
|
Calculation |
|