AC-18 Wireless Access

Last Review: 10/1/2022


WTAMU will provide a set of measures that will mitigate information security risks associated with the use of wireless network technology.


This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.


  • Requests for wireless service must be architected, engineered, provided, and maintained by Network Services. Vendors and/or external service providers are not authorized to engineer network or wireless services without the explicit approval of network services or the WTAMU IRM. Requests for wireless service within any departmental networks must be approved by Network Services and or the IRM.
  • The manufacturer default settings of the Service Set Identifier (SSID) shall be changed upon initial configuration of any wireless access device.
  • Network Services will install and maintain all wireless access points, to ensure they meet minimum security requirements (i.e. changing of SSID).
  • The attachment of unapproved wireless access points, bridges, and/or repeaters is strictly prohibited. Network Services will monitor for unauthorized wireless access points. Any such rogue access point detected on the West Texas A&M University network shall be disconnected from the network and a security incident will be filed with the information security officer (ISO).
  • Wireless access must be password protected and access must be linked to an individual through approved authentication mechanisms.
  • Confidential information, mission critical or sensitive personal information shall not be accessed by wireless communication unless the communication is encrypted via either the University VPN or another method approved by the ISO.
  • Information resource security controls must not be bypassed or disabled.