3.1.17 — Protect wireless with authentication + encryption | NIST 800-171 Control

Wi-Fi uses enterprise authentication and strong encryption — not a shared password.

What it actually means

Authorized isn't enough; the wireless itself must be locked down with real authentication and strong encryption — WPA2/WPA3-Enterprise with 802.1X, not a pre-shared key taped to the wall.

Pass or fail — an assessor needs a "yes" to each

Wireless uses WPA2/WPA3-Enterprise (802.1X), not a shared PSK.
Encryption is current and strong.
Each user/device authenticates individually.

What to have ready

Wireless security configuration (WPA2/3-Enterprise, 802.1X)
RADIUS/identity integration
Disabled weak protocols

Where teams trip up

A single shared Wi-Fi password for everyone
WEP/WPA-Personal on CUI networks
Guest and CUI wireless not separated

Not Applicable only if no wireless is used for CUI (document it).

See where this control puts your score

Run all 110 requirements free in about 10 minutes.

Calculate your SPRS score →

Connected requirements

3.1.16 — Authorize wireless before connecting 3.13.11 — Crypto protecting CUI must be FIPS-validated

← Back to the Control Library