This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization:
(a) Authorizes the execution of privileged commands and access to security-relevant information via remote access only for [Assignment: organization-defined needs]; and
(b) Documents the rationale for such access in the security plan for the information system.
NIST 800-53 (r4) Supplemental Guidance:
Related control: AC-6.
NIST 800-53 (r5) Discussion:
Remote access to systems represents a significant potential vulnerability that can be exploited by adversaries. As such, restricting the execution of privileged commands and access to security-relevant information via remote access reduces the exposure of the organization and the susceptibility to threats by adversaries to the remote access capability.
38North Guidance:
Meets Minimum Requirement:
Document a policy detailing remote access usage restrictions, connection requirements, and implementation guidance, and document the actions that privileged users can perform over remote access connections. Additionally, audit all actions taken on the system over a remote access connection.
Best Practice:
Organizations should ensure that all remote access connections and approved privileged actions are documented in tickets, and that security personnel audit and review all privileged actions to confirm that no action was taken against the system without approval, authorization, and audit.
Unofficial FedRAMP Guidance: None.
Assessment Evidence:
Documented policy detailing remote access usage restrictions, connection requirements, and implementation guidance, as well as documented actions that can be performed by privileged users over remote access connections.
Audit records of privileged system access by admin personnel performing privileged actions over VPN, SSH, RDP, or another remote access method.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD