Navigate

CCI-002310

CCI-002310 Definition

The organization establishes and documents usage restrictions for each type of remote access allowed.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed establishes and documents usage restrictions for each type of remote access allowed.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented usage restrictions to ensure the organization being inspected/assessed establishes and documents usage restrictions for each type of remote access allowed.

Compelling Evidence

1.) Signed and dated Access Control Policy 2.) Signed and dated Access Control Lists (ACL's) on the remote device(s). 3.) Most current Network topology diagram 4.) Signed and dated Standard user agreements. 5.) Signed and dated Privileged user agreement. 6.) Documentation that establishes and documents usage restrictions for each type of remote access allowed.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002310.

Control	Description
AC-17	The organization: AC-17a.: Establishes and documents usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and AC-17b.: Authorizes remote access to the information system prior to allowing such connections.