Does your organization have a process to regularly monitor facilities for unauthorized or rogue wireless networks?
Explanation
Unauthorized wireless networks can create security vulnerabilities by providing attackers with potential entry points that bypass established network security controls. Regular monitoring helps detect rogue access points, unauthorized hotspots, or malicious wireless devices that may have been installed by external threat actors or non-compliant employees.
Evidence could include wireless scanning reports, network monitoring logs, documentation of a wireless intrusion detection system (WIDS), or a written procedure for periodic wireless network sweeps with timestamps of when they were performed.
Implementation Example
Monitor facilities for unauthorized or rogue wireless networks
ID: DE.CM-01.273
Context
- Function
- DE: DETECT
- Category
- DE.CM: Continuous Monitoring
- Sub-Category
- Networks and network services are monitored to find potentially adverse events
Related questions
- Does your organization have a system in place to monitor DNS, BGP, and other critical network services for suspicious or malicious activities?
- Does your organization implement network monitoring controls to detect and alert on unauthorized endpoint connections to both wired and wireless networks?
- Does your organization regularly compare actual network traffic flows against established baselines to detect and investigate deviations?
- Does your organization continuously monitor network communications to detect changes in security postures as part of a zero trust architecture?
- Does your organization monitor physical access control logs for unusual patterns and failed access attempts?
- Does your organization regularly review and monitor physical access records to track visitor and personnel entry to facilities?

