Policy 637: Wireless Security, and accompanying standards were created to standardize agency implementation of wireless local area networks and use of wireless devices operating on the state network.
Standard 637S1: Wireless Networks details how an agency should implement a wireless network to comply with state and federal regulations.
Standard 637S2: Wireless Clients depicts proper practice for wireless client devices accessing state information resources over a wireless connection.
Standard 637S3: Bluetooth Security deals with best practices to ensure confidentiality and integrity of information when using Bluetooth devices.
These documents will replace the following legacy documents:
- Policy 643: Wireless Security
- Standard 643S1: Wireless Networks
- Standard 643S2: Wireless Clients
- Standard 643S3: Bluetooth Security
Risks addressed in this document set:
- Users of wireless mobile devices accessing state information resources
- Authentication and encryption standards for wireless devices accessing information or data on state networks
- Securing Bluetooth functionality when attaching Bluetooth devices to information systems with access to state networks
Policy 637 and Standards 637S1, 637S2, and 637S3 address the following NIST 800-53r4 (and IRS Publication 1075) security controls:
- AC-18: Wireless Access
- CM-7: Least Functionality
- IA-2: Identification and Authentication
- IA-3: Device Identification and Authentication
- IA-7: Cryptographic Module Authentication
- PE-1: Physical and Environmental Protection
- PE-18: Location of Information System Components
View or Download:
DRAFT Policy 637: Wireless Security
DRAFT Standard 637S1: Wireless Networks