Strategies and Protocols to Authenticate Network User Identities Are Effective; However, More Action Is Needed to Verify the Identity of Devices

The Chief Information Officer should require the UNS and Cybersecurity functions to coordinate with AT&T to implement certificate-based authentication for devices connecting to the internal network through a VPN.

The Chief Information Officer should ensure that the UNS function configures and implements certificate based authentication for devices connecting wirelessly to the internal network.

The Chief Information Officer should coordinate with the business units that internally manage non-802.1X protocol compatible devices to develop a comprehensive plan with milestones to reduce the number of whitelisted devices that currently authenticate to the ISE using the MAB protocol.

The Chief Information Officer should ensure that ELC methodology artifacts for the UA Project are completed, including requirements and design artifacts to aid system understanding and maintenance, as well as security, contingency planning, and testing artifacts to enable the secure operation of the ISE.