New Mexico Administrative Code
Title 1 - GENERAL GOVERNMENT ADMINISTRATION
Chapter 12 - INFORMATION TECHNOLOGY
Part 20 - INFORMATION SECURITY OPERATION MANAGEMENT
Section 1.12.20.19 - WIRELESS NETWORKS, BLUETOOTH, AND RADIO FREQUENCY IDENTIFICATION
Current through Register Vol. 35, No. 18, September 24, 2024
A. No wireless network or wireless access point shall be installed prior to an agency performed risk assessment and the written approval of the agency CIO.
B. Suitable controls, such as media access control (MAC), address restriction, authentication, and encryption, shall be implemented by the agency to ensure that a wireless network or access point cannot be exploited to disrupt agency information services or to gain unauthorized access to agency information. When selecting wireless technologies, such as 802.11x or its predecessors or its successor, wireless network security features on the equipment shall be available and implemented at the time of deployment.
C. Access to systems that hold sensitive information or the transmission of protected or sensitive information via a wireless network is not permitted unless and until appropriate and adequate measures have been implemented and approved by the state CIO. Such measures shall include authentication, authorization, encryption, access controls, and logging.