In Episode 15 of my NIST SP 800-53 Rev 5 Access Control series, I break down AC-18 (Wireless Access) and explain what the control is really asking you to do in plain language. I start by defining wireless access (Wi‑Fi, Bluetooth, cellular, satellite, etc.) and point out that AC-18 is selected across all three baselines (Low, Moderate, High), with additional enhancements showing up as you move up in rigor. Then I read the Rev 5 requirement and simplify it: you need configuration requirements, connection requirements, and implementation guidance for each wireless type—and you must authorize each wireless access type before you allow it. I also walk through the key ideas in the discussion and call out the AC-18 enhancements (authentication/encryption, monitoring unauthorized connections, disabling wireless, restricting user configurations, and antenna/transmission power considerations). From an assessment standpoint—whether you’re doing an SCA or a self-assessment during continuous monitoring—I explain what I look for: the access control policy/procedures, the “-1” control, and the SSP, plus evidence of authorized wireless connections, usage restrictions, connection requirements, and implementation guidance. Finally, I highlight a practical point: not every system has wireless capability. If the system truly doesn’t implement wireless access within the authorization boundary, AC-18 may be not applicable—but if it does, you need to prove the controls are defined and functioning as intended.