scope:

The intended audience for this document includes:

a) Information system and network support organisations, such as TfL's Technology and Data (T&D) team

b) TfL business areas and supply chain organisations that own/operate, or are considering the deployment of, wireless networking on TfL premises

c) Teams responsible for technology and data within TfL (including but not limited to Cyber Security).

The standard applies to all wireless networks:

a) Owned, operated or supported by (or on behalf of) TfL

b) Which otherwise originate within the bounds of TfL's premises

c) Utilising any wireless networking technology, such as the Institute of Electrical and Electronics Engineers (IEEE) 802.11, or Bluetooth

d) Utilising any radio frequency band e) Of any output power

f) That might be characterised as a wireless Metropolitan Area Network (MAN), Local Area Network (LAN) or Personal Area Network (PAN).

This standard also applies to 'wireless networks' in all of the following senses:

a) Physical (e.g. wireless Access Points and other networking equipment)

b) Logical (e.g. network identifiers, access controls and cryptography)

c) Electromagnetic (e.g. the radio waves that relay wireless network traffic).

The standard covers all wireless data communication devices physically connected to any of TfL's internal networks, including Wi-Fi within stations and used for CCTV including Wi-Fi connected via dedicated ADSL/VDSL lines which are utilised by TfL for train connectivity. This includes any form of wireless communication device capable of transmitting packet data.

Wireless devices and/or networks without connectivity to TfL's networks are not in the scope of this standard.

Purpose

This standard specifies how wireless networks used by TfL, or that otherwise originate within TfL premises, shall be configured such that they are acceptably secure.

The standard provides additional detail to the requirements specified in the Network cyber security standard.