Ensure Wireless Devices are Wi-Fi Alliance Certified
All wireless devices must have Wi-Fi Alliance certification for security standards.
Plain language
This control means that any wireless devices your organisation buys or uses should have a seal of approval from the Wi-Fi Alliance. This matters because it ensures these devices stick to important security standards. Without this certification, there's a risk that the devices could have security flaws, making your network vulnerable to hackers snooping in or stealing sensitive information.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2021
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
All wireless devices are Wi-Fi Alliance certified.
Why it matters
Without Wi‑Fi Alliance certification, Wi‑Fi devices may lack verified security and interoperability, increasing the risk of weak encryption, misconfiguration and unauthorised access.
Operational notes
Maintain an approved device register and verify Wi‑Fi Alliance certification (model/firmware) during procurement and onboarding; periodically re-check certification for fleet changes.
Implementation tips
-
Look atthe Wi-Fi Certified logo on product boxes or check the manufacturer's website to confirm this certification
- IT managers should create a list of all existing wireless devices currently in use and verify their certification status with the Wi-Fi Alliance. Use the Wi-Fi Alliance website to cross-check each device model.
- System administrators should educate staff involved in purchasing on the importance and recognition of the Wi-Fi Certified logo. This can be done through a simple workshop or information session highlighting the risks of using uncertified devices.
- IT teams should establish a process to regularly review and update the inventory of wireless devices, ensuring ongoing compliance. This could be done quarterly, where devices are re-checked for their certification status.
- Leadership should define and enforce a policy that prohibits the use of uncertified wireless devices within the organisation. Communicate this policy through staff meetings, emails, and inclusion in the organisation's handbook.
Audit / evidence tips
-
Askthe procurement records of wireless devices: Request to see purchase orders or receipts for all wireless devices to confirm they feature Wi-Fi Alliance certification
Goodincludes clear documentation showing each device's certification status
-
Askthe inventory list of all wireless devices: Review this list against the Wi-Fi Alliance database. Look to ensure every device listed is verified as certified
Goodis when all listed devices are confirmed as certified on the Wi-Fi Alliance's site
-
Asktraining materials provided to the purchasing team
Goodshows that staff were informed about the certification and why it matters
-
Askto see the policy on wireless device usage: Ensure it clearly mandates using Wi-Fi Certified devices
Goodincludes a documented and widely communicated policy
-
Askrecords of compliance checks or audits
Goodincludes documented evidence of regular device compliance reviews and any actions taken for non-compliance
Cross-framework mappings
How ISM-1314 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (2) expand_less | ||
| Annex A 8.20 | ISM-1314 requires that all wireless devices used by the organisation are Wi‑Fi Alliance certified | |
| Annex A 8.21 | ISM-1314 requires that all wireless devices are Wi‑Fi Alliance certified, effectively setting a minimum standard for wireless device capa... | |
| handshake Supports (2) expand_less | ||
| Annex A 5.10 | ISM-1314 requires that only Wi‑Fi Alliance certified wireless devices are permitted for use | |
| Annex A 7.9 | Annex A 7.9 mandates protection of off-site assets, including secure connectivity for wireless devices | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.