3.1.16 has a weight of -5 points

System Security Plan (SSP) for ABC Company

I. Introduction

This System Security Plan outlines the policies, procedures, and technical controls implemented at ABC Company to ensure secure wireless networking. The plan aligns with recognized standards such as FIPS 140-2, ensuring that the wireless infrastructure of the organization complies with regulatory requirements and security best practices.

II. Wireless Network Security

1. Encryption Standards:

   • WPA2/WPA3 Implementation: All wireless networks within ABC Company are secured using WPA2 or WPA3 encryption protocols. This ensures secure transmission of data and prevents unauthorized access.
   • FIPS 140-2 Compliance: The encryption methods utilized meet the Federal Information Processing Standards (FIPS) 140-2, ensuring robust cryptographic security.

2. Access Control:

   • Password Requirement: Strong passwords are enforced within the secure network. Password management policies detail the complexity and rotation requirements.
   • No Open Wireless Networks: ABC Company does not operate any open or unprotected wireless networks, ensuring that all connections require proper authentication and authorization.
   • Unauthorized Access Prevention: Measures are implemented to detect and prevent unauthorized devices from connecting to the network.

3. Monitoring and Audit:

   • Continuous monitoring and periodic auditing ensure that security controls are functioning correctly and that any suspicious activities are promptly detected and addressed.

Plan of Actions & Milestones (POA&M) for ABC Company’s Wireless Network Security

I. Introduction

This POA&M outlines the actions required to ensure the secure implementation and maintenance of wireless networking at ABC Company, aligned with the controls specified in the System Security Plan (SSP).

II. Actions & Milestones

1. Implement WPA3 Encryption across All Wireless Networks

   • Status: In Progress
   • Milestone Dates: Start: MM/DD/YYYY, Completion: MM/DD/YYYY
   • Resources: Network Security Team
   • Dependencies: Acquisition of compatible hardware/software
   • Remarks: Transition from WPA2 to WPA3 to enhance encryption standards

2. Enhance Password Security

   • Status: Planned
   • Milestone Dates: Start: MM/DD/YYYY, Completion: MM/DD/YYYY
   • Resources: IT Support, Security Team
   • Dependencies: Development of new password policies
   • Remarks: Ensure password complexity and rotation requirements

3. Eliminate Unauthorized Access

   • Status: In Progress
   • Milestone Dates: Start: MM/DD/YYYY, Completion: MM/DD/YYYY
   • Resources: Security Team, Network Administrators
   • Dependencies: Implementation of network monitoring tools
   • Remarks: Prevent unauthorized devices from accessing the network

4. Conduct Security Awareness Training

   • Status: Ongoing
   • Milestone Dates: Quarterly
   • Resources: HR, Security Training Vendor
   • Dependencies: Development of training material
   • Remarks: Regular training on WPA2/WPA3, FIPS 140-2, and related regulations

5. Regular Security Auditing and Monitoring

   • Status: Ongoing
   • Milestone Dates: Bi-annually
   • Resources: Internal Audit Team, Third-Party Auditors
   • Dependencies: Implementation of audit tools and procedures
   • Remarks: Continuous monitoring and periodic audits to ensure compliance

WPA2 vs WPA3 Alignment with NIST SP 800-171:

WPA3 introduces a significant enhancement in encryption by focusing on individualized encryption for each device on the network. Unlike WPA2, which encrypts the network as a whole using a shared key, WPA3 employs Simultaneous Authentication of Equals (SAE) to create a unique encryption key for each device. This means that even if one device’s encryption is compromised, the rest of the network remains secure, as each device has its unique encryption parameters. In contrast, WPA2’s encryption method treats the network as a single entity, sharing the same encryption key among all devices. If that shared key were to be compromised in a WPA2 network, an attacker could potentially access all devices on the network. This fundamental shift from network-wide encryption to device-specific encryption represents a significant advancement in security, making WPA3 more resilient against potential breaches.

• Secure Transmission: WPA2 provides secure transmission, aligning with the requirements of NIST SP 800-171 for protecting Controlled Unclassified Information (CUI).
• Potential Vulnerabilities: Some vulnerabilities, like the KRACK attack, have been discovered in WPA2, potentially causing non-compliance with NIST’s robust security controls.

WPA3: A Step Forward in Wireless Security

WPA3, introduced in 2018, is designed to overcome the shortcomings of WPA2, providing more robust security features:

• Enhanced Encryption: WPA3 employs stronger encryption methods, including Simultaneous Authentication of Equals (SAE), enhancing security.
• Forward Secrecy: Even if a password is compromised, WPA3’s forward secrecy ensures that historical data remains secure.
• Easier Connection to Devices: WPA3 supports Wi-Fi Easy Connect, making it easier to connect devices without a display.

Alignment with NIST SP 800-171:

• Stronger Security Controls: WPA3’s improved security features align more closely with the rigorous controls set by NIST SP 800-171.
• Compliance with FIPS: WPA3’s encryption standards are often in compliance with Federal Information Processing Standards (FIPS), an essential consideration for adherence to NIST guidelines.

Which One to Choose?

Organizations striving to comply with NIST SP 800-171 should consider the following:

• Current Infrastructure: Older devices may not support WPA3, so a gradual transition may be necessary.
• Compliance Needs: WPA3’s stronger security controls align more closely with NIST SP 800-171, providing an additional layer of assurance.
• Risk Assessment: A thorough risk assessment considering the specific needs and regulatory environment will guide the appropriate choice between WPA2 and WPA3.

Conclusion

WPA2 and WPA3 both offer robust wireless security but with notable differences. Organizations looking to align with NIST SP 800-171 must carefully consider their specific needs, risk profile, and compliance requirements when selecting between these two standards. The move towards WPA3 represents a step forward in wireless security and may provide an enhanced alignment with the stringent controls required by NIST.

Determine the Wi-Fi Security Protocol on macOS:

1. Hold down the “Option” (⌥) key on your keyboard.
2. While keeping the “Option” key pressed, click the Wi-Fi symbol located in the toolbar at the top of your screen.
3. A detailed menu will appear, displaying information about your network connection, including the specific Wi-Fi security type being used.

These quick steps will provide you with the information you need regarding the security protocol of your Wi-Fi connection on a macOS system.