Navigate

CCI-002311

CCI-002311 Definition

Establish and document configuration/connection requirements for each type of remote access allowed.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if: - usage restrictions are established and documented for each type of remote access allowed. - configuration/connection requirements are established and documented for each type of remote access allowed. - implementation guidance is established and documented for each type of remote access allowed.

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing remote access implementation and usage (including restrictions); configuration management plan; system configuration settings and associated documentation; remote access authorizations; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for managing remote access connections; system/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Remote access management capability for the system].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002311.

Control	Description
AC-17	a: Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and b: Authorize each type of remote access to the system prior to allowing such connections.