Wireless Access Authorization (NIST 800-171 3.1.16)
Unauthorized wireless connections pose critical security risks to systems handling controlled unclassified information. NIST 800-171 control 3.1.16 requires you to authorize wireless access before allowing any connections to your network. This prevents rogue devices and attackers from gaining entry through uncontrolled wireless channels.
What this means
Wireless Access Authorization requires establishing and enforcing a formal process to approve wireless network connections before they are permitted. Rather than allowing open or default wireless access, you must validate that each wireless device and user requesting network access meets your security requirements and has legitimate business need. This control ensures only authorized personnel and approved devices can connect via wireless, reducing the attack surface and preventing unauthorized network intrusion.
How to comply
- 1.Create a wireless access authorization policy that defines approval criteria and required documentation
- 2.Establish an authorization request and review process with designated approvers
- 3.Maintain a current inventory of authorized wireless devices, users, and access credentials
- 4.Configure wireless network infrastructure to require authentication before granting access
- 5.Implement wireless access controls (MAC filtering, 802.1X, certificate-based auth) to enforce authorizations
- 6.Conduct quarterly reviews of active wireless connections against your authorization records
- 7.Document all wireless access approvals with date, authorizer name, and business justification
- 8.Disable or revoke wireless access immediately when users leave or roles change
- 9.Configure network monitoring to alert on unauthorized wireless connection attempts
Evidence auditors look for
- Wireless Access Authorization Policy document with approval workflows
- Authorized Wireless Devices inventory spreadsheet with MAC addresses and user assignments
- Wireless access request forms with approval signatures and authorization dates
- Network access control (NAC) configuration showing authentication requirements
- Wireless infrastructure settings (WPA2/WPA3 encryption, 802.1X enforcement)
- Audit logs of wireless connection attempts and authentications
- Quarterly wireless access review documentation with approved device lists
- User access termination checklists showing wireless credential revocation dates
- Wireless network monitoring alerts for unauthorized connection attempts
Frequently asked questions
When will FAQs be available?
The FAQ for this control is currently being prepared.
GRCWatch automates wireless device inventory tracking and generates authorization audit logs directly from your network infrastructure, eliminating manual spreadsheet maintenance and proving wireless access compliance to auditors in real-time.
See how GRCWatch handles this control automatically
Start free trial