This publication provides guidelines to organizations in securing their legacy IEEE 802.11 WLANs that cannot use the IEEE 802.11i standard. The guidance recognizes that maintaining a secure wireless network is a continuous process requiring additional effort beyond that required to maintain other networks and systems. Accordingly, NIST has recommended that federal agencies:
- perform risk assessments and develop security policies before purchasing wireless technologies and anticipate that their unique security requirements will determine which products should be considered for purchase;
- wait to deploy wireless networks for essential operations until after agencies have fully assessed the risks to their information and system operations and have determined that they can manage and mitigate those risks;
- assess risks, test and evaluate security controls more frequently than they would on a wired network.