15.7: Leverage the Advanced Encryption Standard (AES) to Encrypt Wireless Data

Sub-control 15.7 states that you must leverage the Advanced Encryption Standard (AES) to encrypt wireless data in transit.

Asset Type: Network
Security Function: Protect
Implementation Groups: 1, 2, 3

Dependencies

  • Sub-control 1.4: Maintain Detailed Asset Inventory
  • Sub-control 1.5: Maintain Asset Inventory Information

Inputs

  1. List of wireless devices: A list of wireless devices. This is derived from the Endpoint Inventory (sub-control 1.4).

  2. List of AES-capable wireless devices: A list of all AES-capable wireless devices (sub-control 1.5).

Operations

  1. For each AES-capable wireless device, collect the cipher suite configuration.

Measures

Measure Definition
M1 = List of wireless devices

A list of wireless devices.

M2 = Count of items in M1

A count of the total number of items in M1.

M3 = List of AES-capable wireless devices

A list of AES-capable wireless devices. Using the regex provided above, the organization can get a count of systems with AES configured.

M4 = Count of items in M3

A count of the total number of items in M3.

M5 = List of non-AES-capable wireless devices

A list of non-AES-capable wireless devices. Using the regex provided above, the organization can get a count of systems without AES configured.

M6 = Count of items in M5

A count of the total number of items in M5.

M7 = List of appropriately configured AES-capable wireless devices

A list of appropriately configured AES-capable wireless devices. Using the regex above, the organization can find the systems with only AES enabled.

M8 = Count of items in M7

A count of the total number of items in M7.

M9 = List of inappropriately configured AES-capable wireless devices

A list of inappropriately configured AES-capable wireless devices. Using the regex above, the organization can find the systems with only AES enabled.

M10 = Count of items in M9

A count of the total number of items in M9.

Metrics

Coverage

Metric: The percentage of AES-capable devices that are configured to use cipher suites leveraging AES.
Calculation: M8 / M4
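
The measures and the coverage metric above, computed over a small constructed inventory. This is an added example and not part of the specification. The inventory layout, the device names and the cipher-name pattern (hostapd-style names, with CCMP and GCMP as the AES-based Wi-Fi ciphers) are assumptions.

```python
import re

# Assumed cipher naming (hostapd-style): CCMP and GCMP are the AES-based
# Wi-Fi ciphers; TKIP and WEP are RC4-based. This pattern is an assumption,
# not the regex the specification refers to.
AES_CIPHER = re.compile(r"^(CCMP|GCMP)(-(128|256))?$", re.IGNORECASE)

# Constructed sample inventory: (device, AES-capable per inventory, enabled ciphers).
INVENTORY = [
    ("ap-lobby",   True,  ["CCMP"]),
    ("ap-floor2",  True,  ["CCMP", "TKIP"]),    # mixed mode: TKIP still enabled
    ("ap-lab",     True,  ["GCMP-256", "CCMP"]),
    ("ap-annex",   True,  []),                  # configuration could not be collected
    ("scanner-01", False, ["WEP-40"]),
]

def only_aes(ciphers):
    """True when at least one cipher is enabled and every enabled cipher is AES-based."""
    return bool(ciphers) and all(AES_CIPHER.match(c.strip()) for c in ciphers)

def assess(inventory):
    """Return (lists M1/M3/M5/M7/M9, counts M2/M4/M6/M8/M10, coverage M8/M4)."""
    m1 = [name for name, _, _ in inventory]
    m3 = [name for name, capable, _ in inventory if capable]
    m5 = [name for name, capable, _ in inventory if not capable]
    m7 = [name for name, capable, c in inventory if capable and only_aes(c)]
    m9 = [name for name in m3 if name not in m7]
    lists = {"M1": m1, "M3": m3, "M5": m5, "M7": m7, "M9": m9}
    counts = {"M2": len(m1), "M4": len(m3), "M6": len(m5),
              "M8": len(m7), "M10": len(m9)}
    # With no AES-capable devices the metric is undefined rather than 0 or 1.
    coverage = counts["M8"] / counts["M4"] if counts["M4"] else None
    return lists, counts, coverage

if __name__ == "__main__":
    lists, counts, coverage = assess(INVENTORY)
    print(counts)
    print("Inappropriately configured (M9):", lists["M9"])
    print("Coverage (M8 / M4):", coverage)
```

A device whose cipher configuration could not be collected lands in M9 here, so a collection gap lowers coverage instead of being silently counted as compliant.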