Navigate

CCI-000070

CCI-000070 Definition

Authorize the execution of privileged commands via remote access only in a format that provides assessable evidence for organization-defined needs.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed authorizes the execution of privileged commands via remote access only for needs defined in AC-17 (4), CCI 2317. The organization being inspected/assessed maintains an audit trail of authorizations.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the audit trail of authorizations to ensure the organization being inspected/assessed authorizes the execution of privileged commands via remote access only for needs defined in AC-17 (4), CCI 2317.

Compelling Evidence

1.) Signed and dated Access Control Policy 2.) Signed and dated system security plan (SSP) 3.) Signed and dated privileged user agreement. 4.) Site's audit trail of authorizations that shows/describes how the site authorizes the execution of privileged commands via remote access only for needs defined in AC-17 (4), CCI 2317.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000070.

Control	Description
AC-17(4)	The organization: (a): Authorizes the execution of privileged commands and access to security-relevant information via remote access only for [one of ]; and (b): Documents the rationale for such access in the security plan for the information system.