Pro audit program · v1.0

Wi-Fi Security Audit

Office Wi-Fi quick audit — segmentation, encryption, guest network and rogue AP detection.

General target area
NIST CSF framework
6 controls in this program
Cyentrix Cyentrix Trusted Author

Sign in to run → Back to library

About this program

Office Wi-Fi quick audit — segmentation, encryption, guest network and rogue AP detection.

Risks addressed

High Guest network bridges into corporate VLAN
Medium Pre-shared key reused for years
High Rogue AP plugged into the corporate network

Controls (6)

Corporate SSID uses 802.1X (EAP-TLS / PEAP)
High

Corporate SSID uses 802.1X (EAP-TLS / PEAP)

How to test + evidence

Testing procedure: No PSK on the corporate SSID — every user authenticates via RADIUS/IdP.

Evidence to collect: WLC config.
Guest SSID isolated from corporate VLAN
Critical

Guest SSID isolated from corporate VLAN

How to test + evidence

Testing procedure: Guest network on separate VLAN with internet-only egress; no internal routing.

Evidence to collect: VLAN diagram + ACL export.
WPA3 (or WPA2-Enterprise) only
High

WPA3 (or WPA2-Enterprise) only

How to test + evidence

Testing procedure: No WPA / WPA2-Personal on production. WPA3 preferred.

Evidence to collect: WLC SSID config.
Rogue AP detection enabled
Medium

Rogue AP detection enabled

How to test + evidence

Testing procedure: WIPS / rogue AP detection on the controller flagging unknown SSIDs.

Evidence to collect: WIPS alerts last 30 days.
Per-user keying / MAC filtering for IoT
Medium

Per-user keying / MAC filtering for IoT

How to test + evidence

Testing procedure: IoT devices on their own SSID + VLAN with restricted egress.

Evidence to collect: IoT segmentation map.
Quarterly Wi-Fi survey
Low

Quarterly Wi-Fi survey

How to test + evidence

Testing procedure: Coverage / interference / rogue survey at least quarterly.

Evidence to collect: Most recent survey report.