Navigate

CCI-000063

CCI-000063 Definition

The organization defines allowed methods of remote access to the information system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the allowed methods of remote access to the information system. The methods should be defined IAW ports, protocols, and service requirements, as well as access control requirements for any STIGs applicable to the technology in use. DoD has determined the allowed methods of remote access are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented methods to ensure the organization being inspected/assessed defines allowed methods of remote access to the information system. DoD has determined the allowed methods of remote access are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated access control policy 2.) Sampling of individuals that have received remote-access training 3.) Signed user agreements pertaining to remote access 3.) Documents that outline how both users and administrators will gain access, including network diagram that identifies remote-access capability.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000063.

Control	Description
AC-17	The organization: AC-17a.: Establishes and documents usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and AC-17b.: Authorizes remote access to the information system prior to allowing such connections.