Security Requirements for 03.01.12 Remote Access

Remote access is access to systems (or processes acting on behalf of users) that communicate through external networks, such as the internet. Monitoring and controlling remote access methods allows organizations to detect attacks and ensure compliance with remote access policies. Routing remote access through managed access control points enhances explicit control over such connections and reduces susceptibility to unauthorized access to the system, which could result in the unauthorized disclosure of CUI. Remote access to the system represents a significant potential vulnerability that can be exploited by adversaries. Restricting the execution of privileged commands and access to security-relevant information via remote access reduces the exposure of the organization and its susceptibility to threats by adversaries. A privileged command is a human-initiated command executed on a system that involves the control, monitoring, or administration of the system, including security functions and security-relevant information. Security-relevant information is information that can potentially impact the operation of security functions or the provision of security services in a manner that could result in failure to enforce the system security policy or maintain isolation of code and data. Privileged commands give individuals the ability to execute sensitive, security-critical, or security-relevant system functions.

View CPRT 03.01.12

  1. 03.01.12.a

    Establish usage restrictions, configuration requirements, and connection requirements for each type of allowable remote system access.

  1. 03.01.12.b

    Authorize each type of remote system access prior to establishing such connections.

  1. 03.01.12.c

    Route remote access to the system through authorized and managed access control points.

  1. 03.01.12.d

    Authorize the remote execution of privileged commands and remote access to security-relevant information.