Requiring Certificates for Wireless Network Access
Devices and users must have certificates to connect to wireless networks.
Plain language
This control means that any device or person trying to connect to your wireless network must show a digital certificate. Think of it like having a special pass to enter a secure area. This is important because, without it, unauthorised people could easily access your network, stealing information or causing damage.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
May 2024
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for networkingSection
Wireless networksOfficial control statement
Certificates are required for devices and users accessing wireless networks.
Why it matters
Without certificates for wireless access, unauthorised users can hijack network traffic, compromising data integrity and confidentiality.
Operational notes
Regularly update and manage device/user certificates, ensuring certificate revocation lists are current to prevent access from compromised devices.
Implementation tips
- The IT team should set up a system to issue digital certificates to devices and users. They can use a Certificate Authority (CA), which is a tool that helps create and manage these certificates securely.
- Managers or team leads should ensure all employees understand the need for certificates to access the network. They can do this by organising short training sessions where the process and importance are explained in simple terms.
- The IT team should configure the network to only accept connections from devices with the correct certificates. This involves changing the network settings to require certificate validation for access.
- System administrators should continually monitor and manage the certificates, renewing them before they expire. This can be done by using tools that alert them when a certificate is about to expire.
- Procurement should ensure any new equipment purchased can support the use of certificates. They can do this by specifying this requirement in product purchase agreements with vendors.
Audit / evidence tips
- AskThe list of all issued certificates: Request the document or system report showing which certificates have been issued and to whom GoodA comprehensive, current list with details for each certificate, indicating who or what device it corresponds to
- AskThe network configuration settings: Request documentation or a demonstration of the network's settings for certificate verification GoodSettings that clearly show certificate verification is active and operational
- AskTraining records for staff awareness: Request evidence of employee training on the importance of certificates GoodRecords showing regular training sessions with clear information about certificates and their role
- AskAlerts or logs related to expired certificates: Request reports or logs about any certificates that were renewed or expired GoodLogs showing proactive renewals and no instances of service disruption due to expired certificates
- AskPurchase agreements of network equipment: Request documents detailing procurement specs for new equipment GoodPurchase documents indicating that all new equipment is capable of supporting digital certificates
Cross-framework mappings
How ISM-1323 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (3) expand_less | ||
| Annex A 8.3 | ISM-1323 requires certificates for devices and users accessing wireless networks, restricting who/what can join the WLAN | |
| Annex A 8.20 | ISM-1323 requires that devices and users present certificates to access wireless networks, enforcing strong, credential-based network adm... | |
| Annex A 8.21 | ISM-1323 mandates certificate-based authentication for wireless network access by users and devices | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.