Enabling 802.11w to Protect Wireless Management Frames
Ensure wireless networks use the 802.11w standard to secure management frames from tampering.
Plain language
Making sure your wireless networks use the 802.11w standard means the management instructions sent over Wi-Fi are protected from being messed with by any meddler. If this isn't done, a hacker could trick the network into dropping users or cause general chaos, which could disrupt business or school activities.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2018
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for networkingSection
Wireless networksOfficial control statement
Wireless access points enable the use of the 802.11w amendment to protect management frames.
Why it matters
Without 802.11w, attackers can spoof/deauth management frames to disrupt Wi‑Fi and enable evil twin/traffic capture, harming continuity.
Operational notes
Regularly confirm 802.11w (PMF) is enabled on all APs/SSIDs (preferably required), and monitor for spoofed deauth/disassoc events.
Implementation tips
- The IT team should ensure all wireless access points are configured to use the 802.11w standard. They can do this by checking the settings in the management interface of each device and enabling the 802.11w option if it's not already turned on.
- Network administrators should update all wireless device firmware to the latest version that supports 802.11w. This can typically be done by downloading updates from the manufacturer’s website and following the installation instructions.
- The procurement officer should confirm that any new wireless devices purchased support 802.11w. When buying new equipment, they should check the technical specifications or ask vendors directly about 802.11w compatibility.
- IT support staff should educate employees about the importance of network security features such as 802.11w. A short workshop or training session can help staff recognise why these protections are important for preventing wireless attacks.
- The IT manager should regularly review and test the wireless network's security settings, including the 802.11w configuration, to ensure compliance. They could schedule quarterly checks, testing the network with security tools to confirm 802.11w is active and functioning.
Audit / evidence tips
-
Aska network configuration report: Request the documentation showing current wireless network settings
-
Askfirmware update logs: Request records of recent firmware updates for all wireless devices
-
Askpurchase records of wireless devices: Request documentation for the latest wireless hardware purchases
-
Askevidence of training sessions: Request records of any recent staff training on network security
-
Askthe last security audit results: Request the results of the most recent internal or external review of the wireless network's security
Cross-framework mappings
How ISM-1335 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 8.21 | ISM-1335 mandates enabling 802.11w to protect wireless management frames against manipulation | |
| link Related (1) expand_less | ||
| Annex A 8.20 | Annex A 8.20 requires secure management and control of networks and network devices to protect information from unauthorised access or in... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.