|AC-17 (1) Automated Monitoring / Control ||MODERATE |
Automated monitoring and control of remote access sessions allows organizations to detect cyber attacks and also ensure ongoing compliance with remote access policies by auditing connection activities of remote users on a variety of information system components (e.g., servers, workstations, notebook computers, smart phones, and tablets).
The information system monitors and controls remote access methods.
|AC-17 (2) Protection Of Confidentiality / Integrity Using Encryption ||MODERATE |
The encryption strength of the mechanism is selected based on the security categorization of the information.
The information system implements cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions.
|AC-17 (3) Managed Access Control Points ||MODERATE |
Limiting the number of access control points for remote accesses reduces the attack surface for organizations. Organizations consider the Trusted Internet Connections (TIC) initiative requirements for external network connections.
The information system routes all remote accesses through [Assignment: organization-defined number] managed network access control points.
|AC-17 (4) Privileged Commands / Access ||MODERATE |
The organization:
AC-17 (4)(a) Authorizes the execution of privileged commands and access to security-relevant information via remote access only for [Assignment: organization-defined needs]; and
AC-17 (4)(b) Documents the rationale for such access in the security plan for the information system.
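The following is an added example, not NIST text and not part of this catalogue: a small audit script that reviews remote-access session records (AC-17 (1)) against three of the enhancements above, namely that each session arrives through a managed network access control point (AC-17 (3)), that the negotiated cipher meets the minimum chosen for the system's security categorization (AC-17 (2)), and that privileged commands over remote access are used only by users with a documented need (AC-17 (4)). The key=value log format, the TEST-NET address ranges, the cipher-to-categorization mapping, the user list and the session records are all constructed assumptions for the example; an organization substitutes its own organization-defined values.

```python
"""Remote-access session audit against an organization-defined policy.

Added example covering AC-17 (1), (2), (3) and (4): the log format, the
address ranges, the cipher names, the user list and the categorization
mapping are all constructed for this example and are not NIST text.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# AC-17 (3): managed network access control points. Only sessions arriving
# through these (constructed, TEST-NET) ranges are policy-compliant.
MANAGED_ACCESS_POINTS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/26")]

# AC-17 (2): ciphers acceptable for a given security categorization.
# Assumed mapping; an organization derives its own from its categorization.
ACCEPTABLE_CIPHERS = {
    "low": {"aes256-gcm@openssh.com", "chacha20-poly1305@openssh.com", "aes128-ctr"},
    "moderate": {"aes256-gcm@openssh.com", "chacha20-poly1305@openssh.com"},
    "high": {"aes256-gcm@openssh.com"},
}

# AC-17 (4): users authorized for privileged commands over remote access,
# mapped to the documented need recorded in the security plan (constructed).
PRIVILEGED_REMOTE_USERS = {
    "ops-oncall": "after-hours incident response, SSP section 3.2",
}

# Constructed session log in a hypothetical 'timestamp key=value ...' format.
SESSION_LOG = """\
2024-05-01T02:14:07Z user=ops-oncall src=203.0.113.25 cipher=aes256-gcm@openssh.com privileged=yes
2024-05-01T03:02:11Z user=jdoe src=198.51.100.200 cipher=aes256-gcm@openssh.com privileged=no
2024-05-01T09:45:33Z user=jdoe src=203.0.113.40 cipher=aes128-ctr privileged=yes
"""


@dataclass
class Session:
    timestamp: str
    user: str
    src_ip: str
    cipher: str
    privileged: bool  # ran privileged commands or read security-relevant information


def parse_line(line: str) -> Session:
    """Parse one 'timestamp key=value ...' record into a Session."""
    timestamp, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return Session(
        timestamp=timestamp,
        user=fields["user"],
        src_ip=fields["src"],
        cipher=fields["cipher"],
        privileged=fields["privileged"] == "yes",
    )


def parse_log(text: str) -> list[Session]:
    """Parse every non-blank line of the session log."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def check_session(session: Session, categorization: str) -> list[str]:
    """Return the policy violations for one session (empty list if compliant)."""
    findings = []
    src = ip_address(session.src_ip)
    if not any(src in net for net in MANAGED_ACCESS_POINTS):
        findings.append(f"{session.timestamp} {session.user}: source {session.src_ip} "
                        "is not a managed access control point (AC-17 (3))")
    if session.cipher not in ACCEPTABLE_CIPHERS[categorization]:
        findings.append(f"{session.timestamp} {session.user}: cipher {session.cipher} "
                        f"is below the {categorization} baseline (AC-17 (2))")
    if session.privileged and session.user not in PRIVILEGED_REMOTE_USERS:
        findings.append(f"{session.timestamp} {session.user}: privileged remote access "
                        "without a documented need (AC-17 (4))")
    return findings


def audit(sessions: list[Session], categorization: str) -> list[str]:
    """AC-17 (1): review every remote session and collect all policy violations."""
    return [finding for s in sessions for finding in check_session(s, categorization)]


if __name__ == "__main__":
    for finding in audit(parse_log(SESSION_LOG), "moderate"):
        print(finding)
```

Run against the constructed log with a "moderate" categorization, the script reports the session from outside the managed access points and, for the third record, both the weak cipher and the privileged use by a user without a documented need; the on-call session passes all three checks. Feeding real session records in place of the constructed log, and the organization's own values in place of the assumed policy tables, turns this into a periodic compliance check of the kind AC-17 (1) describes.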
|AC-17 (5) Monitoring For Unauthorized Connections || |
Withdrawn: Incorporated into SI-4.
|AC-17 (6) Protection Of Information || |
The organization ensures that users protect information about remote access mechanisms from unauthorized use and disclosure.
|AC-17 (7) Additional Protection For Security Function Access || |
Withdrawn: Incorporated into AC-3 (10).
|AC-17 (8) Disable Nonsecure Network Protocols || |
Withdrawn: Incorporated into CM-7.
|AC-17 (9) Disconnect / Disable Access || |
This control enhancement requires organizations to have the capability to rapidly disconnect current users remotely accessing the information system and/or disable further remote access. The speed of disconnect or disablement varies based on the criticality of missions/business functions and the need to eliminate immediate or future remote access to organizational information systems.
The organization provides the capability to expeditiously disconnect or disable remote access to the information system within [Assignment: organization-defined time period].