Navigate

CCI-002320

CCI-002320 Definition

Document the rationale for authorization of access to security-relevant information via remote access.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if the rationale for remote access is documented in the security plan for the system.

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing remote access to the system; system configuration settings and associated documentation; security plan; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Mechanisms implementing remote access management].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002320.

Control	Description
AC-17(4)	(a): Authorize the execution of privileged commands and access to security-relevant information via remote access only in a format that provides assessable evidence and for the following needs: [one of ] ; and (b): Document the rationale for remote access in the security plan for the system.