N
|
controlAC-17

Remote Access (AC-17)

Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and Authorize each type of remote access to the system prior to allowing such connections.

Security Baselines

LOWMODERATEHIGH
access-controlauthorizationleast-privilege

Why These Connect

Baselined In3

This control is included in the linked security baseline (LOW, MODERATE, or HIGH).

Supports42

These related controls work together — a change to one may affect the others.

Mitigates2

This control helps defend against or reduce the risk of the linked threat technique.

Enhances10

These enhancements add specific capabilities or refinements to the base control.

Related Controls(29)

AC-2Account Management (AC-2)
LMH
AC-3Access Enforcement (AC-3)
LMH
AC-4Information Flow Enforcement (AC-4)
MH
AC-18Wireless Access (AC-18)
LMH
AC-19Access Control for Mobile Devices (AC-19)
LMH
AC-20Use of External Systems (AC-20)
LMH
CA-3Information Exchange (CA-3)
LMH
CM-10Software Usage Restrictions (CM-10)
LMH
IA-2Identification and Authentication (Organizational Users) (IA-2)
LMH
IA-3Device Identification and Authentication (IA-3)
MH
IA-8Identification and Authentication (Non-organizational Users) (IA-8)
LMH
MA-4Nonlocal Maintenance (MA-4)
LMH
PE-17Alternate Work Site (PE-17)
MH
PL-2System Security and Privacy Plans (PL-2)
LMH
PL-4Rules of Behavior (PL-4)
LMH
SC-10Network Disconnect (SC-10)
MH
SC-12Cryptographic Key Establishment and Management (SC-12)
LMH
SC-13Cryptographic Protection (SC-13)
LMH
SI-4System Monitoring (SI-4)
LMH
AT-2Literacy Training and Awareness (AT-2)
LMH
AT-3Role-based Training (AT-3)
LMH
AU-2Event Logging (AU-2)
LMH
AU-6Audit Record Review, Analysis, and Reporting (AU-6)
LMH
AU-12Audit Record Generation (AU-12)
LMH
CA-7Continuous Monitoring (CA-7)
LMH
PM-31Continuous Monitoring Strategy (PM-31)PS-6Access Agreements (PS-6)
LMH
SC-7Boundary Protection (SC-7)
LMH
SC-8Transmission Confidentiality and Integrity (SC-8)
MH

Threat Coverage(2 ATT&CK techniques)

T1133External Remote ServicesT1021Remote Services

Control Enhancements(10)

AC-17(1)Monitoring and Control (AC-17(1))
MH
AC-17(2)Protection of Confidentiality and Integrity Using Encryption (AC-17(2))
MH
AC-17(3)Managed Access Control Points (AC-17(3))
MH
AC-17(4)Privileged Commands and Access (AC-17(4))
MH
AC-17(5)Monitoring for Unauthorized Connections (AC-17(5))W
AC-17(6)Protection of Mechanism Information (AC-17(6))
AC-17(7)Additional Protection for Security Function Access (AC-17(7))W
AC-17(8)Disable Nonsecure Network Protocols (AC-17(8))W
AC-17(9)Disconnect or Disable Access (AC-17(9))
AC-17(10)Authenticate Remote Commands (AC-17(10))

See Also

@SP 800-53 OverviewCompare Baselines