11.2 Wireless access points are identified and monitored, and unauthorized wireless access points are addressed.
This requirement focuses on identifying and monitoring wireless access points to prevent unauthorized access to the network. It ensures that organizations regularly test for, detect, and address both authorized and unauthorized wireless access points to prevent malicious users from exploiting wireless technology to gain access to the network and cardholder data.
Sub-requirements:
11.2. Wireless access points are detected and responded to.
Ensure that all authorized and unauthorized wireless access points are detected and responded to in a timely manner.
Key Risks
Frequently Asked Questions
Why is wireless access point detection important?
Rogue or unauthorized wireless access points can provide attackers with a direct path into the network.
How often should wireless scans be performed?
At least quarterly, and after significant changes to the network.
What should be done if an unauthorized wireless access point is found?
It should be investigated immediately and removed or disabled as soon as possible.
How are wireless access points monitored?
Through automated scanning tools and manual inspections.
What are the risks of not monitoring wireless access?
Attackers could bypass perimeter controls and gain access to sensitive systems.
Common QSA Questions
Can you show evidence of wireless scans and findings?
Yes, we maintain logs and reports of all wireless scans and incident responses.
How is the response to unauthorized wireless access points managed?
We have documented procedures for investigation, removal, and incident tracking.
How are authorized wireless access points tracked?
We maintain an inventory of all authorized access points and review it regularly.
Your perspective on this PCI DSS requirement matters! Share your implementation experiences, challenges, or questions below. Your insights help other organizations improve their compliance journey and build a stronger security community.Comment Policy