NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION
SC-40 — Wireless Link Protection
Protect external and internal {{ insert: param, sc-40_prm_1 }} from the following signal parameter attacks: {{ insert: param, sc-40_prm_2 }}.
Supplemental Guidance
Wireless link protection applies to internal and external wireless communication links that may be visible to individuals who are not authorized system users. Adversaries can exploit the signal parameters of wireless links if such links are not adequately protected. There are many ways to exploit the signal parameters of wireless links to gain intelligence, deny service, or spoof system users. Protection of wireless links reduces the impact of attacks that are unique to wireless systems. If organizations rely on commercial service providers for transmission services as commodity items rather than as fully dedicated services, it may not be possible to implement wireless link protections to the extent necessary to meet organizational security requirements.
Practitioner Notes
Wireless communications — WiFi, Bluetooth, cellular — need protection from eavesdropping, jamming, and unauthorized access because radio signals can be intercepted from a distance.
Example 1: Configure all corporate WiFi access points to use WPA3-Enterprise with 802.1X certificate-based authentication. Disable legacy protocols (WEP, WPA, WPA2-Personal) that are vulnerable to known attacks.
Example 2: Use a wireless intrusion detection system (WIDS) like Cisco Aironet or Aruba to detect rogue access points, evil twin attacks, and deauthentication attacks. Alert your security team when unauthorized wireless devices are detected near your facilities.