Control 3.1.17
Protect Wireless Access Using Authentication and Encryption
Official Requirement
Protect wireless access using authentication and encryption.
What This Means in Plain English
Your wireless network must use strong authentication (like WPA3 or WPA2-Enterprise) and encryption so that data transmitted over Wi-Fi cannot be intercepted or accessed by unauthorized parties.
How Petronella Implements This Control
Petronella Technology Group implements this control through:
- WPA3-Enterprise with 802.1X RADIUS authentication on all corporate wireless networks
- Cisco Meraki wireless infrastructure with AES-256 encryption for all wireless traffic
- Certificate-based authentication for managed devices via Microsoft Entra
- Wireless IDS/IPS through Meraki detecting rogue access points and deauthentication attacks
- Regular wireless security assessments and penetration testing
Assessment Guidance
Assessors will verify wireless encryption standards (WPA2-Enterprise minimum), test that wireless authentication requires individual credentials, check for rogue access point detection, and confirm that deprecated protocols (WEP, WPA-PSK) are disabled.
Common Implementation Gaps
- Using WPA2-Personal (PSK) instead of Enterprise with RADIUS
- Legacy WEP encryption still enabled on some access points
- No wireless intrusion detection or rogue AP monitoring
- Shared wireless passwords posted publicly
- No regular wireless security assessment
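The encryption and authentication checks in the assessment guidance, and the first two gaps listed above, can be scripted against a wireless scan of your own site. This is an added example, not Petronella's or an assessor's tooling: the function name `audit_scan` and the SSIDs are hypothetical, and the input is a constructed sample laid out like `iw dev wlan0 scan` output.

```python
import re

# Constructed sample laid out like `iw dev wlan0 scan` output (not real scan data).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: corp-secure
    RSN:     * Version: 1
             * Pairwise ciphers: CCMP
             * Authentication suites: IEEE 802.1X
BSS 02:00:00:00:00:02(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: warehouse
    RSN:     * Version: 1
             * Pairwise ciphers: CCMP
             * Authentication suites: PSK
BSS 02:00:00:00:00:03(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: old-scanner
BSS 02:00:00:00:00:04(on wlan0)
    capability: ESS (0x0001)
    SSID: lobby
"""

def audit_scan(scan_text):
    """Map each SSID to its findings; an empty list means none of the gaps checked here was seen."""
    report = {}
    for block in re.split(r"^BSS ", scan_text, flags=re.M)[1:]:
        m = re.search(r"^\s*SSID: (.+)$", block, re.M)
        ssid = m.group(1).strip() if m else "<hidden>"
        akms = re.findall(r"Authentication suites: (.+)", block)
        findings = report.setdefault(ssid, [])
        finding = None
        if not akms:
            # No RSN/WPA element: the Privacy capability bit alone implies WEP.
            privacy = re.search(r"capability:.*\bPrivacy\b", block)
            finding = "WEP" if privacy else "open, unencrypted"
        elif any(re.search(r"\bPSK\b", a) for a in akms):
            finding = "pre-shared key, no individual credentials"
        if finding and finding not in findings:  # several APs may share an SSID
            findings.append(finding)
    return report

if __name__ == "__main__":
    for ssid, findings in audit_scan(SAMPLE_SCAN).items():
        status = "FAIL: " + "; ".join(findings) if findings else "ok"
        print(f"{ssid:12} {status}")
```

The script only reports what access points advertise over the air; controller-side settings such as rogue AP detection still have to be confirmed in the management console.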
Cross-Framework Mapping
| Framework | Mapped Controls |
|---|---|
| NIST SP 800-53 | AC-18(1) |
| HIPAA | 164.312(e)(1) - Transmission Security |
| PCI DSS | Req 4.1.1 - Industry best practices for wireless encryption |