Navigate

CCI-002319

CCI-002319 Definition

The organization documents in the security plan for the information system the rationale for authorization of the execution of privilege commands via remote access.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents in the security plan for the information system the rationale for authorization of the execution of privilege commands via remote access.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the security plan to ensure the organization being inspected/assessed documents in the security plan for the information system the rationale for authorization of the execution of privilege commands via remote access.

Compelling Evidence

1.) Signed and dated system security plan (SSP) that documents and identifies the rationale for authorization of the execution of privilege commands via remote access.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002319.

Control	Description
AC-17 (4)	The organization: AC-17 (4)(a): Authorizes the execution of privileged commands and access to security-relevant information via remote access only for [Assignment: organization-defined needs]; and AC-17 (4)(b): Documents the rationale for such access in the security plan for the information system.