Navigate

AC-17(3)

AC-17(3): Managed Access Control Points

Route remote accesses through authorized and managed network access control points.

Supplemental

Organizations consider the Trusted Internet Connections (TIC) initiative [DHS TIC](#4f42ee6e-86cc-403b-a51f-76c2b4f81b54) requirements for external network connections since limiting the number of access control points for remote access reduces attack surfaces.

CIA Levels
Confidentiality	low
Integrity	low
Availability	unknown

Overlays
CMMC

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to AC-17(3).

Control	Description
SC-7	a: Monitor and control communications at the external managed interfaces to the system and at key internal managed interfaces within the system; b: Implement subnetworks for publicly accessible system components that are [one of "physically"/"logically"] separated from internal organizational networks; and c: Connect to external networks or systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security and privacy architecture.

Control

Description

SC-7

a: Monitor and control communications at the external managed interfaces to the system and at key internal managed interfaces within the system;

b: Implement subnetworks for publicly accessible system components that are [one of "physically"/"logically"] separated from internal organizational networks; and

c: Connect to external networks or systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security and privacy architecture.

Enhancements

The controls below (if any) add on to the requirements of AC-17(3).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-17(3).

CCI	Definition
CCI-000069	Route all remote accesses through authorized and managed network access control points.