Prevent SSID Broadcasting on Access Points
Wireless networks should have their SSID broadcasting disabled for security.
Plain language
Disabling SSID broadcasting on wireless networks means your network won't be visible to everyone nearby. This matters because if your network is hidden, it's harder for strangers or attackers to try to access it without permission, reducing the risk of unauthorised use or data breaches.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
SSID broadcasting is not disabled on wireless access points.
Why it matters
If SSID broadcasting is enabled, attackers can easily discover and target your network, increasing the risk of unauthorised access and data breaches.
Operational notes
Regularly confirm SSID broadcast is disabled on all access points and ensure staff understand its impact on security posture.
Implementation tips
- The IT team should disable SSID broadcasting on all wireless access points. They can do this by accessing the router settings and turning off the 'Broadcast SSID' option. This will make your network invisible to casual users scanning for available networks.
- Business managers should inform employees about the SSID change. Explain to staff that the network will still function the same, but they will need to manually enter the network name and password for initial connection.
- The IT team should document the SSID settings change. Create a simple record noting when the change was made and by whom, as well as instructions for users on how to connect manually.
- IT support should provide training on how to connect to a hidden network. Conduct short sessions or provide written guides on how to enter network details into devices manually for staff who may not know how.
- The IT team should regularly review SSID settings. Set a reminder to check wireless access point configurations every few months to ensure settings like SSID broadcasting remain as intended, as updates or resets could revert settings.
Audit / evidence tips
- Ask: the SSID configuration records: Request documentation detailing the current settings of wireless networks
  Good: will show a document or screenshot confirming the 'Broadcast SSID' option is disabled
- Ask: to see a demonstration of connecting to the network: Request that a demonstration be performed using a device to show how connection occurs with SSID broadcasting disabled
  Good: result would show a user successfully accessing the network without seeing it listed
- Ask: staff communication records: Request the emails or meeting notes where staff were informed about the SSID change
  Good: includes emails or memos with instructions sent out to all relevant employees
- Ask: evidence of periodic reviews: Request records or reminders showing that SSID settings are regularly reviewed
  Good: includes marked calendar events or logs with dates and findings
- Ask: training materials used for the hidden network setup: Request any documents or presentations provided to staff on connecting to a hidden network
  Good: would include user-friendly guides or slides that staff have access to
Cross-framework mappings
How ISM-1318 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.20 | ISM-1318 requires organisations to harden wireless access points by disabling SSID broadcasting to reduce wireless network discoverability | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.