Quarterly Wi-Fi survey
Demonstrate that the organization conducts comprehensive wireless network surveys at least quarterly to detect rogue access points, validate authorized wireless infrastructure, and identify security misconfigurations or signal propagation risks.
Description
What this control does
A quarterly Wi-Fi survey systematically identifies all wireless access points, SSIDs, and radio signals within and around organizational facilities using spectrum analyzers, Wi-Fi scanning tools, or site survey software. The survey detects unauthorized rogue access points, validates authorized AP configurations, measures signal bleed beyond facility boundaries, and identifies interfering devices. This periodic assessment helps prevent network infiltration via unauthorized wireless infrastructure and keeps the wireless attack surface known and controlled.
Control objective
What auditing this proves
Associated risks
Risks this control addresses
- Rogue access points deployed by attackers or insiders provide unmonitored entry points into the internal network, bypassing perimeter controls
- Unauthorized employee-installed wireless routers create shadow IT networks with weak or no encryption, exposing traffic to interception
- Evil twin access points mimicking legitimate SSIDs enable man-in-the-middle attacks and credential harvesting
- Wireless signal propagation beyond physical boundaries allows attackers to intercept traffic from parking lots or adjacent buildings
- Misconfigured authorized access points broadcasting guest networks on internal VLANs enable lateral movement
- Undetected wireless bridges installed by contractors or temporary staff create persistent backdoors after project completion
- Bluetooth or IoT devices operating in the 2.4 GHz spectrum can cause denial-of-service conditions or provide alternative attack vectors
Testing procedure
How an auditor verifies this control
- Obtain and review the organization's quarterly Wi-Fi survey policy or procedure document, noting required survey scope, tools, frequency, and escalation processes for rogue device detection.
- Request all Wi-Fi survey reports generated during the audit period covering the most recent four quarters, verifying each includes survey date, location coverage, surveyor identity, and tool version used.
- Verify each survey report contains a complete inventory of detected SSIDs, MAC addresses (BSSIDs), signal strength measurements (RSSI/dBm), encryption protocols, and channel assignments.
- Cross-reference detected wireless infrastructure against the organization's authorized access point inventory or configuration management database to identify any unrecorded devices.
- Review documented investigation and remediation records for any rogue or unauthorized access points identified during surveys, confirming timely physical removal or MAC address blacklisting.
- Examine heat maps or facility floor plans included in survey reports showing signal coverage patterns and verify they identify areas where organizational wireless signals extend beyond controlled physical boundaries.
- Interview IT or security personnel responsible for conducting surveys to confirm survey methodology, tools utilized (e.g., Ekahau, NetSpot, Aircrack-ng, Kismet), and walking paths or sensor placement strategies.
- Select one facility location and request evidence of the most recent quarterly survey for that specific area, verifying the survey occurred within the required 90-day window from the previous survey.
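As an added example (not part of the original control text), the following Python script performs the cross-reference step above against a constructed authorized-AP inventory and checks the 90-day survey cadence; all BSSIDs, SSIDs and dates are invented, and the inventory and report formats are assumptions.

```python
"""Reconcile a Wi-Fi survey report against the authorized AP inventory and
check quarterly cadence. Added example with constructed data, not a real report."""
from datetime import date

WEAK_ENCRYPTION = {"OPEN", "WEP"}

# Constructed authorized-AP inventory, as a CMDB extract might look: BSSID -> record.
AUTHORIZED = {
    "aa:bb:cc:00:01:10": {"ssid": "CORP-SECURE", "encryption": "WPA3", "channel": 36},
    "aa:bb:cc:00:01:20": {"ssid": "CORP-GUEST", "encryption": "WPA2", "channel": 6},
}

# Constructed survey rows: (bssid, ssid, encryption, channel, rssi_dbm).
# RSSI is carried through for the heat-map review but not evaluated here.
SURVEY = [
    ("aa:bb:cc:00:01:10", "CORP-SECURE", "WPA3", 36, -48),
    ("aa:bb:cc:00:01:20", "CORP-GUEST", "WPA2", 11, -55),   # channel differs from inventory
    ("de:ad:be:ef:00:01", "CORP-SECURE", "WPA2", 1, -61),   # known SSID, unknown BSSID
    ("12:34:56:78:9a:bc", "Linksys", "OPEN", 6, -70),       # unrecorded and unencrypted
]


def reconcile(survey, authorized):
    """Return (bssid, finding) tuples for the auditor to trace to remediation records."""
    known_ssids = {rec["ssid"] for rec in authorized.values()}
    findings = []
    for bssid, ssid, enc, chan, _rssi in survey:
        rec = authorized.get(bssid.lower())
        if rec is None:
            # An unknown BSSID advertising an authorized SSID is an evil-twin candidate.
            kind = "possible evil twin" if ssid in known_ssids else "unrecorded AP"
            findings.append((bssid, kind))
        elif (rec["ssid"], rec["encryption"], rec["channel"]) != (ssid, enc, chan):
            findings.append((bssid, "configuration drift from inventory"))
        if enc.upper() in WEAK_ENCRYPTION:
            findings.append((bssid, "weak or no encryption"))
    return findings


def cadence_ok(survey_dates, max_gap_days=90):
    """True if every survey occurred within max_gap_days of the previous one.
    survey_dates are ISO strings (YYYY-MM-DD) as taken from report headers."""
    ordered = sorted(date.fromisoformat(d) for d in survey_dates)
    return all((b - a).days <= max_gap_days for a, b in zip(ordered, ordered[1:]))


if __name__ == "__main__":
    for bssid, finding in reconcile(SURVEY, AUTHORIZED):
        print(f"{bssid}  {finding}")
    print("quarterly cadence met:", cadence_ok(["2024-01-15", "2024-04-10", "2024-07-05"]))
```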
Where this control is tested