Assessing 802.1X Components in Wireless Networks
Use evaluated devices and servers for secure wireless network authentication.
Plain language
When you connect to wireless internet at home or work, you want to make sure only the right people have access. This control ensures that devices and servers involved in allowing people onto the network are properly checked and secure. If you skip this step, unauthorised people could get in, potentially leading to sensitive information being stolen or the network being disrupted.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2021
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for networking
Section
Wireless networks
Official control statement
Evaluated supplicants, authenticators, wireless access points and authentication servers are used in wireless networks.
Why it matters
Without evaluated 802.1X components, intruders can bypass network access controls, leading to data breaches and service disruptions.
Operational notes
Verify supplicants, APs, authenticators and AAA servers are evaluated/approved, and keep their firmware current.
Implementation tips
- The IT team should evaluate wireless devices: Check that all devices, such as laptops and phones, which connect to the wireless network, are from trusted vendors and have the latest security checks in place. They can do this by maintaining an updated list of approved devices and ensuring these are evaluated regularly.
- Managers should work with IT to choose authenticator equipment: They should pick equipment like wireless routers that include strong security features and have been reviewed for vulnerabilities. This can be done by consulting with a trusted IT security provider to make informed purchase decisions.
- The system owner should ensure authentication servers are secure: Make sure that servers controlling who gets access to the network are protected against threats. This involves regular updates and security patches, which the IT team can schedule and execute.
- Procurement teams should purchase evaluated wireless access points: Ensure these devices are from suppliers known for secure equipment, having undergone proper evaluation against industry standards. They can verify this by checking certifications and documentation that accompanies the equipment.
- The IT department should conduct regular reviews: They need to check that all network components align with set security standards, including wireless access points. This process includes auditing existing devices and scanning for vulnerabilities and possible weak links.
Audit / evidence tips
- Ask: a list of approved wireless devices. Request a report showing devices allowed to connect to the network.
  Good: shows all devices have recent evaluations and adhere to security guidelines.
- Ask: purchase records of authenticator equipment. Examine these to see if the equipment was chosen based on security capabilities.
  Good: includes documentation from a trusted security advisor who validated the equipment.
- Ask: patch management records for authentication servers. These should detail updates and maintenance schedules.
  Good: is a well-documented schedule showing regular updates from trusted vendors.
- Ask: to see the security certifications of wireless access points. Request documentation showing these access points have passed evaluations.
  Good: includes certifications from organisations like the ACSC or compliance with ASD standards.
- Ask: the results of the last network security review. Request a document or report summarising the findings and solutions from recent checks.
  Good: includes detailed findings with clear steps that were taken to mitigate risks.
Cross-framework mappings
How ISM-1322 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (2) | | |
| Annex A 8.5 | ISM-1322 requires organisations to use evaluated 802.1X components (supplicants, authenticators, wireless access points and authenticatio... | |
| Annex A 8.20 | ISM-1322 requires use of evaluated 802.1X ecosystem components to provide trustworthy authentication for wireless network access | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.