Does your organization implement network monitoring controls to detect and alert on unauthorized endpoint connections to both wired and wireless networks?
Explanation
Network monitoring for unauthorized endpoints is essential for detecting potential security breaches, rogue devices, and policy violations before they can cause harm. This includes monitoring both wired connections (like unauthorized computers or servers) and wireless connections (like unauthorized mobile devices or access points) that could be used to bypass security controls or exfiltrate data.
Evidence could include screenshots of network access control (NAC) systems, logs from network monitoring tools showing detection of unauthorized devices, documentation of alerting procedures when unauthorized connections are detected, or network diagrams showing placement of monitoring solutions.
Implementation Example
Monitor wired and wireless networks for connections from unauthorized endpoints
ID: DE.CM-01.272
Context
- Function
- DE: DETECT
- Category
- DE.CM: Continuous Monitoring
- Sub-Category
- Networks and network services are monitored to find potentially adverse events
Related questions
- Does your organization have a system in place to monitor DNS, BGP, and other critical network services for suspicious or malicious activities?
- Does your organization have a process to regularly monitor facilities for unauthorized or rogue wireless networks?
- Does your organization regularly compare actual network traffic flows against established baselines to detect and investigate deviations?
- Does your organization continuously monitor network communications to detect changes in security postures as part of a zero trust architecture?
- Does your organization monitor physical access control logs for unusual patterns and failed access attempts?
- Does your organization regularly review and monitor physical access records to track visitor and personnel entry to facilities?

