Compliance

Many compliance tools do the bare minimum—focused on checking boxes for reports rather than truly improving security. This is especially common with wireless compliance.

Nzyme is vendor-agnostic, allowing you to switch infrastructure providers without changing configurations or losing visibility.

We designed Nzyme to make your environment genuinely safer. Achieving compliance is just a natural outcome of doing security right. (and a ton of paperwork)

How your use of Nzyme translates to compliance controls depends on the specifics of your environment, but the examples on this page provide a solid overview of how it typically aligns with common requirements.

  • PCI-DSS
  • CIS Critical Security Controls
  • NIST SP 800-153
  • ISO/IEC 27001

PCI-DSS requires detection of unauthorized wireless access points and devices. Nzyme continuously monitors wireless traffic to detect rogue devices in real time—far beyond what periodic scans can offer.

# Requirement Control
4.2.1.2 Wireless networks transmitting PAN or connected to the CDE use industry best practices to implement strong cryptography for authentication and transmission. Nzyme continuously monitors wireless network configurations to ensure they follow strong encryption and authentication standards.
11.2.1 Authorized and unauthorized wireless access points are managed as follows:
  • The presence of wireless (Wi-Fi) access points is tested for
  • All authorized and unauthorized wireless access points are detected and identified
  • Testing, detection, and identification occurs at least once every three months
  • If automated monitoring is used, personnel are notified via generated alerts
(The requirement applies even when a policy exists that prohibits the use of wireless technology. Methods used to meet this requirement must be sufficient to detect and identify both authorized and unauthorized devices, including unauthorized devices attached to devices that themselves are authorized.) 		Nzyme provides continuous wireless monitoring, automatically detecting and identifying both authorized and unauthorized access points. It alerts designated personnel upon detection, eliminating the need for manual testing cycles.
11.2.2 An inventory of authorized wireless access points is maintained, including a documented business justification. Nzyme’s Monitored Networks feature maintains a defined list of authorized access points.

CIS mandates that organizations implement robust network infrastructure management and continuous monitoring across both wired and wireless environments. CIS Control 13: Network Monitoring and Defense requires ongoing inspection of network traffic and automated defenses across every network segment—Wi-Fi or Ethernet—to detect and respond to anomalous or malicious activity promptly.

# Requirement Control
1.1 Establish and maintain an accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data, to include: end-user devices (including portable and mobile), network devices, non-computing/IoT devices, and servers. Nzyme builds an asset inventory of wired and wireless assets that are connected to your network.
1.2 Ensure that a process exists to address unauthorized assets on a weekly basis. The enterprise may choose to remove the asset from the network, deny the asset from connecting remotely to the network, or quarantine the asset. Nzyme continuously monitors what assets are connected to your wired and wireless networks and can alert you if an unauthenticated asset is seen.
1.4 Use DHCP logging on all DHCP servers or Internet Protocol (IP) address management tools to update the enterprise’s asset inventory. Review and use logs to update the enterprise’s asset inventory weekly, or more frequently. Nzyme uses DHCP (and other) data to build the asset inventory.
1.5 Use a passive discovery tool to identify assets connected to the enterprise’s network. Review and use scans to update the enterprise’s asset inventory at least weekly, or more frequently. Nzyme performs continuous passive asset discovery to build the asset inventory.
12.6 Adopt secure network management protocols (e.g., 802.1X) and secure communication protocols (e.g., Wi-Fi Protected Access 2 (WPA2) Enterprise or more secure alternatives). The Nzyme Monitored Networks feature lets you define expected WiFi configuration (incl security/encryption settings) and can alert you the moment those settings are changed.
12.6 ADeploy a network intrusion prevention solution, where appropriate. Example implementations include the use of a Network Intrusion Prevention System (NIPS) or equivalent CSP service. Nzyme covers the Wireless side of this as a full wireless Intrusion Detection System. (WIDS)

NIST SP 800-153 outlines requirements for continuously monitoring wired and wireless traffic to detect unauthorized access points, connections, and anomalous behavior. Nzyme provides this visibility with automated detection, asset tracking, and alerting.

# Requirement Control
AC-18 Protect wireless access to the system using authentication [...] and encryption. Wireless networking capabilities represent a significant potential vulnerability that can be exploited by adversaries. To protect systems with wireless access points, strong authentication of users and devices along with strong encryption can reduce susceptibility to threats by adversaries involving wireless technologies. The Nzyme Monitored Networks feature can be configured to continuously monitor that your WiFi networks are set up to use strong encryption and IEEE 802.1X access control and alert you in case of any deviation.
AC-18 Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment. Wireless networking capabilities that are embedded within system components represent a significant potential vulnerability that can be exploited by adversaries. Disabling wireless capabilities when not needed for essential organizational missions or functions can reduce susceptibility to threats by adversaries involving wireless technologies. Review wireless access points, networks and clients in Nzyme to ensure that no unauthorized wireless activity is taking place.
AC-18 Select radio antennas and calibrate transmission power levels to reduce the probability that signals from wireless access points can be received outside of organization-controlled boundaries. Actions that may be taken to limit unauthorized use of wireless communications outside of organization-controlled boundaries include reducing the power of wireless transmissions so that the transmissions are less likely to emit a signal that can be captured outside of the physical perimeters of the organization, employing measures such as emissions security to control wireless emanations, and using directional or beamforming antennas that reduce the likelihood that unintended receivers will be able to intercept signals. Prior to taking such mitigating actions, organizations can conduct periodic wireless surveys to understand the radio frequency profile of organizational systems as well as other systems that may be operating in the area. Place Nzyme sensors around your organization-controlled boundaries and monitor signal strength of your wireless signals to ensure that device transmission power levels are properly calibrated.
AC-19 Prohibit the use of unclassified mobile devices in facilities containing systems processing, storing, or transmitting classified information unless specifically permitted by the authorizing official [...]
  • Connection of unclassified mobile devices to classified systems is prohibited;
  • Connection of unclassified mobile devices to unclassified systems requires approval from the authorizing official;
  • Use of internal or external modems or wireless interfaces within the unclassified mobile devices is prohibited;
Nzyme can present discovered wireless devices for review and also alert you if a new, previously unseen or unauthorized wireless device connects to one of your monitored WiFi networks.

ISO/IEC 27001 emphasizes the need for secure communications and ongoing system monitoring in any environment, including remote work locations. Nzyme enables continuous oversight of wireless and wired traffic to detect unauthorized devices and enforce network boundaries.

# Requirement Control
5.9 An inventory of information and other associated assets, including owners, shall be developed and maintained. Nzyme builds an asset inventory of wired and wireless assets that are connected to your network.
6.7 Security measures shall be implemented when personnel are working remotely to protect information accessed, processed or stored outside the organization’s premises. Nzyme sensors are so affordable that you can physically place them at remote work locations. Wireless data collection can be disabled and Ethernet data collection can be limited to work-related networks for worker privacy reasons.
8.16 Networks, systems and applications shall be monitored for anomalous behaviour and appropriate actions taken to evaluate potential information security incidents. Nzyme detects unexpected assets, rogue wireless networks and known wireless attack platforms.
8.20 Networks and network devices shall be secured, managed and controlled to protect information in systems and applications. The Nzyme Monitored Networks feature lets you define expected WiFi configuration (incl security/encryption settings) and can alert you the moment those settings are changed.
8.21 Security mechanisms, service levels and service requirements of network services shall be identified, implemented and monitored. Same as above.
* Some listed features are currently in customer trials and not yet publicly available. If you're interested in early access, please contact us.