Did you Know there's a NIST for that?

Free Guidelines to Secure Your Wi-Fi Network

As a Network/Wi-Fi Engineer, you often hear acronyms like IEEE, NIST, and IETF. These groups are composed of incredibly smart individuals who have made significant contributions to the world. Sometimes I think, 'I'll read an IEEE standard someday.' I've seen occasional jobs that pay you to do just that, and I think that would be cool (though I’ve got a good gig).

I've been studying for the Cisco CyberOps exam because I believe the Cisco exam and the GIAC GEC cover essential computing security standards that should be well-known by IT professionals. Cisco offered the CyberOps course for free on CiscoU for a limited time, and I decided it was the perfect opportunity to get certified. If you're not signed up for CiscoU, you should consider it. CiscoU offers free training, and occasionally they provide courses for certification renewals that are quite valuable. I bought the book, CCNA Cyber Ops Associate CBROPS 200-201 Official Cert Guide, by Omar Santos (Copyright 2021), as I wanted more material (and can no longer access the free content).

As a Principal WiFi Engineer, I was particularly excited about Chapter 7, "Introduction to Security Operations Management," because it references NIST SP 800-124, which identifies threats to organizations due to the use of mobile devices. This information is invaluable. I've been working to find the right words and examples to explain to clients why it's not advisable to allow phone devices to connect to their corporate SSID due to the promiscuous nature of such devices. Omar's book highlights the need for mobility management due to the nature of mobile devices, including:

• Lack of physical security controls

• Use of untrusted devices

• Use of untrusted networks

• Use of untrusted applications

• Interaction with other systems

• Use of untrusted content

• Use of location services

Wow, that is helpful! I've wondered what other wireless NIST documents are out there, ready to assist me in securing wireless environments. I searched- and BAM! Here are some key NIST publications related to wireless security:

• NIST Special Publication (SP) 800-124: Secure Mobility

• NIST SP 800-153: Guidelines for Securing Wireless Local Area Networks (WLANs)

• NIST SP 800-97: Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i

• NISTIR 8259 Series: Foundational cybersecurity activities for IoT device manufacturers

• NIST SP 800-213 Series: IoT device cybersecurity guidance for the federal government, including catalogs of cybersecurity requirements

• NISTIR 8425: Consumer IoT product security

• NIST SP 800-48: Wireless Network Security: 802.11, Bluetooth, and Handheld Devices

• NIST SP 1800-33A: 5G Cybersecurity Volume A (draft executive summary released, focused on 5G cybersecurity practice guides)

With all this rich information, for those new to NIST, here's a quick introduction (Generated by Gemini AI):

The National Institute of Standards and Technology (NIST) is a non-regulatory agency within the U.S. Department of Commerce. Its core mission revolves around promoting U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology. NIST plays a crucial role in developing and providing standards, measurements, and technology essential for various industries, government agencies, and scientific communities. It aims to enhance productivity, facilitate trade, and improve the quality of life.

Key Functions:

• Measurement Science: NIST conducts research to advance measurement science, ensuring accuracy and reliability in various fields.

• Standards Development: NIST develops and promotes standards used in various industries, including information technology and cybersecurity.

• Technology Development: NIST conducts research and develops technologies that contribute to U.S. economic growth and national security.

• Cybersecurity Role: NIST is particularly well-known for its work in cybersecurity. It develops frameworks, guidelines, and standards that help organizations manage and mitigate cybersecurity risks. The NIST Cybersecurity Framework is a widely recognized and adopted set of best practices for cybersecurity. NIST also publishes a large number of special publications, the 800 series, which provide guidance on many cybersecurity topics.

• Impact: NIST's work significantly impacts various aspects of modern life, from the accuracy of measurements in manufacturing to the security of information systems. In essence, NIST is a vital organization that contributes to the advancement of technology and the improvement of standards, with a strong emphasis on cybersecurity.

Now that I have all my summer reading in order, did I miss a technology you're looking to secure, like end compute devices? There's a NIST publication for that. Lesson learned—check NIST; they've likely already provided technical assistance documents to aid in your work.