Wi-Fi access is approved before any device is allowed to connect.
What it actually means
Before a device joins a wireless network that can reach CUI, that access has to be explicitly authorized. You define which wireless networks and devices are permitted, approve them, and prohibit everything else — no rogue access points, no unmanaged devices hopping on.
Pass or fail — an assessor needs a "yes" to each
- Permitted wireless networks and devices are documented and approved.
- Unauthorized wireless connections are blocked or prohibited by policy + technical control.
- An owner approves wireless access before it's granted.
What to have ready
- Wireless authorization policy + approved-device list
- Wireless controller / NAC configuration
- Rogue-AP detection if used
Where teams trip up
- Open or unmanaged Wi-Fi that can reach CUI
- No record of which wireless is approved
- Personal devices joining the CUI wireless
Not Applicable only if no wireless networking is used for CUI — document it and prohibit enabling wireless without a change and reassessment.
See where this control puts your score
Run all 110 requirements free in about 10 minutes.
Calculate your SPRS score →