Navigate

AC-17(3)

AC-17(3): Managed Access Control Points

The information system routes all remote accesses through [one of ] managed network access control points.

Supplemental

Limiting the number of access control points for remote accesses reduces the attack surface for organizations. Organizations consider the Trusted Internet Connections (TIC) initiative requirements for external network connections.

CIA Levels
Confidentiality	low
Integrity	low
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to AC-17(3).

Control	Description
SC-7	The information system: a: Monitors and controls communications at the external boundary of the system and at key internal boundaries within the system; b: Implements subnetworks for publicly accessible system components that are [one of "physically"/"logically"] separated from internal organizational networks; and c: Connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.

Control

Description

SC-7

The information system:

a: Monitors and controls communications at the external boundary of the system and at key internal boundaries within the system;

b: Implements subnetworks for publicly accessible system components that are [one of "physically"/"logically"] separated from internal organizational networks; and

c: Connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.

Enhancements

The controls below (if any) add on to the requirements of AC-17(3).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-17(3).

CCI	Definition
CCI-000069	Route all remote accesses through authorized and managed network access control points.
CCI-001561	The organization defines managed access control points for remote access to the information system.
CCI-002315	The organization defines the number of managed network access control points through which the information system routes all remote access.