Navigate

CCI-000065

CCI-000065 Definition

The organization authorizes remote access to the information system prior to allowing such connections.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed authorizes remote access to the information system prior to allowing such connections. The organization must maintain an audit trail of authorizations.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the audit trail of authorizations to ensure the organization being inspected/assessed authorizes remote access to the information system prior to allowing such connections.

Compelling Evidence

1.) Signed and dated Access Control Policy (ACL's). 2.) Signed and dated SSP. 3.) Signed and dated Standard user agreements. 4.) Signed and dated Privileged user agreement. 5.) Site's audit trail of authorizations that shows/describes authorizing remote access to the information system prior to allowing such connections.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000065.

Control	Description
AC-17	The organization: AC-17a.: Establishes and documents usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and AC-17b.: Authorizes remote access to the information system prior to allowing such connections.