This policy prohibits access to City networks via unsecured wireless communication mechanisms. Only wireless systems that meet the criteria of this policy or those which have been granted an exclusive waiver by the CTO or the Information Security Manager (ISM) are approved for connectivity to the City’s networks.
This policy covers all 802.11 wireless data communication devices (e.g., personal computers, laptops, notebooks, smartphones, tablet computers, etc.) which connect to any of the City’s networks, resources, or systems.
Register Wireless Devices: All wireless devices (Access Points, Base Stations and Network Interface Cards) connected to the City network must be approved, registered, installed and maintained by the Bureau of Technology Services (BTS).
Encryption and Authentication: To connect to the City network, all networking devices with wireless capabilities must utilize a City approved configuration which prohibits all unauthenticated and unencrypted traffic. To comply with this policy, wireless implementations must maintain point-to-point hardware encryption of at least 128- bits. All implementations must support a hardware address (MAC address) that can be registered and tracked. All wireless implementations must support and employ strong user authentication which checks against a BTS approved and managed RADIUS database and support 802.1x authentication.
Setting the SSID: All wireless access points shall have their Service Set ID configured so that it does not contain the default supplied by the manufacturer.
Penetration Tests and Audits: Wireless Access Points & Base Stations are subject to periodic penetration tests and audits. Unapproved wireless access points are subject to immediate network disconnection and equipment confiscation.
Default wireless manufacturer or vendor settings must be changed, including but not limited to default wireless encryption keys, passwords and SNMP community strings.
Revised rule adopted by the Chief Administrative Officer of the Office of Management and Finance and filed for inclusion in PPD October 29, 2015.