Policy 637: Wireless Security, and accompanying standards were created to standardize agency implementation of wireless local area networks and use of wireless devices operating on the state network.

Standard 637S1: Wireless Networks details how an agency should implement a wireless network to comply with state and federal regulations.

Standard 637S2: Wireless Clients depicts proper practice for wireless client devices accessing state information resources over a wireless connection.

Standard 637S3: Bluetooth Security deals with best practices to ensure confidentiality and integrity of information when using Bluetooth devices.


These documents will replace the following legacy documents:

  • Policy 643: Wireless Security
  • Standard 643S1: Wireless Networks
  • Standard 643S2: Wireless Clients
  • Standard 643S3: Bluetooth Security


Risks addressed in this document set:

  • Users of wireless mobile devices accessing state information resources
  • Authentication and encryption standards for wireless devices accessing information or data on state networks
  • Securing Bluetooth functionality when attaching Bluetooth devices¬†to information systems with access to state networks


Policy 637 and Standards 637S1, 637S2, and 637S3 address the following NIST 800-53r4 (and IRS Publication 1075) security controls:

  • AC-18: Wireless Access
  • CM-7: Least Functionality
  • IA-2: Identification and Authentication
  • IA-3: Device Identification and Authentication
  • IA-7: Cryptographic Module Authentication
  • PE-1: Physical and Environmental Protection
  • PE-18: Location of Information System Components


View or Download:

DRAFT Policy 637: Wireless Security

DRAFT Standard 637S1: Wireless Networks

DRAFT Standard 637S2: Wireless Clients

DRAFT Standard 637S3: Bluetooth Security