• Requirement

    Authorize wireless access prior to allowing such connections.

  • Discussion

    Establishing usage restrictions and configuration/connection requirements for wireless access to the system provides criteria for organizations to support wireless access authorization decisions. Such restrictions and requirements reduce the susceptibility to unauthorized access to the system through wireless technologies. Wireless networks use authentication protocols that provide credential protection and mutual authentication.

More Info

  • Title

    Wireless Access Authorization
  • Domain

    Access Control
  • CMMC Level

  • Related NIST 800-171 ID

  • Related NIST 800-53 ID


  • DoD Scoring Methodology Points


  • Reference Documents

    • N/A

  • Further Discussion

    Guidelines from management form the basis for the requirements that must be met prior to authorizing a wireless connection. These guidelines may include the following:

    • types of devices, such as corporate or privately owned equipment;
    • configuration requirements of the devices; and
    • authorization requirements before granting such connections.

    AC.L2-3.1.16, AC.L2-3.1.17, and AC.L2-3.1.18 are complementary requirements in that they all establish control for the connection of mobile devices and wireless devices through the use of authentication, authorization, and encryption mechanisms.


    Your company is implementing a wireless network at its headquarters. CUI may be transmitted on this network. You work with management to draft a policy about the use of the wireless network. The policy states that only company-approved devices that contain verified security configuration settings are allowed to connect. The policy also includes usage restrictions that must be followed for anyone who wants to use the wireless network. Authorization is required before devices are allowed to connect to the wireless network [b].

    Potential Assessment Considerations

    • Is an updated list of approved network devices providing wireless access to the system maintained [a]?
    • Are network devices providing wireless access configured to require users or devices be authorized prior to permitting a wireless connection [b]?
    • Is wireless access to the system authorized and managed [b]?

NIST 800-171A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!