SECURING WiMAX WIRELESS COMMUNICATIONS Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology U.S. Department of Commerce Many government and business organizations are using wireless networks, enabling their employees and contractors with wireless-enabled devices, such as smart phones, to connect to the Internet and the organization’s networks. Wireless networks support increased flexibility for organizations, and easier and less costly installations than wired technologies. Wireless technologies use radio waves instead of direct physical connections to transmit data between networks and devices. While supporting ease of use and installation, and a mobile workforce, wireless networks like any other communication network are vulnerable to risks that could compromise the confidentiality, integrity, and availability of information systems and information. Without proper security precautions, information can be intercepted and altered more easily than when transmitted through physical connections. The U.S. Government Accountability Office (GAO) recently analyzed leading security practices of federal government organizations for deploying and monitoring wireless networks and technologies in its report, Federal Agencies Have Taken Steps to Secure Wireless Networks, but Further Actions Can Mitigate Risk (GAO-11-43, November 2010). The GAO recommended that federal agencies implement additional practices to secure their wireless networks, and that governmentwide oversight of wireless networks be improved. The Information Technology Laboratory of the National Institute of Standards and Technology (NIST), which is responsible for developing standards and guidelines for information security under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347, has issued several publications explaining secure wireless communications and recommending good practices for protecting