Navigate

CCI-000065

CCI-000065 Definition

Authorize remote access to the system prior to allowing such connections.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if each type of remote access to the system is authorized prior to allowing such connections.

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing remote access implementation and usage (including restrictions); configuration management plan; system configuration settings and associated documentation; remote access authorizations; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for managing remote access connections; system/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Remote access management capability for the system].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000065.

Control	Description
AC-17	a: Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and b: Authorize each type of remote access to the system prior to allowing such connections.