Skip to main content

💼 AC-17 Remote Access

  • Contextual name: 💼 AC-17 Remote Access
  • ID: /frameworks/nist-sp-800-53-r5/ac/17
  • Located in: 💼 AC Access Control

Description

a. Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and b. Authorize each type of remote access to the system prior to allowing such connections.

Similar

  • Sections
    • /frameworks/aws-fsbp-v1.0.0/dms/10
    • /frameworks/aws-fsbp-v1.0.0/dynamodb/07
  • Internal
    • ID: dec-c-42214397

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlags
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DMS.10] DMS endpoints for Neptune databases should have IAM authorization enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DynamoDB.7] DynamoDB Accelerator clusters should be encrypted in transit

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlags
💼 FedRAMP High Security Controls → 💼 AC-17 Remote Access (L)(M)(H)419
💼 FedRAMP Low Security Controls → 💼 AC-17 Remote Access (L)(M)(H)1
💼 NIST CSF v2.0 → 💼 PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties91

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlags
💼 AC-17(1) Remote Access _ Monitoring and Control11
💼 AC-17(2) Remote Access _ Protection of Confidentiality and Integrity Using Encryption1217
💼 AC-17(3) Remote Access _ Managed Access Control Points
💼 AC-17(4) Remote Access _ Privileged Commands and Access
💼 AC-17(5) Remote Access _ Monitoring for Unauthorized Connections
💼 AC-17(6) Remote Access _ Protection of Mechanism Information
💼 AC-17(7) Remote Access _ Additional Protection for Security Function Access
💼 AC-17(8) Remote Access _ Disable Nonsecure Network Protocols
💼 AC-17(9) Remote Access _ Disconnect or Disable Access
💼 AC-17(10) Remote Access _ Authenticate Remote Commands

Policies (1)

PolicyLogic CountFlags
📝 Google GCE Instance Block Project-Wide SSH Keys is not enabled 🟢1🟢 x6