>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AC.L2-3.1.12Control Remote Access

Level 2
800-171: 3.1.12

>Control Description

Monitor and control remote access sessions.

>Cross-Framework Mappings

NIST SP 800-171

3.1.12
Compare

SCF

NET-14
Compare
NET-14.1
Compare
NET-14.5
Compare

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is your remote access policy and how is it communicated to users?
  • How do you govern and approve remote access capabilities?
  • What process do you follow for granting and revoking remote access privileges?
  • How frequently do you review remote access permissions and sessions?

Technical Implementation:

  • What tools monitor and control remote access sessions (VPN logs, bastion hosts)?
  • How do you technically implement remote access controls?
  • What technologies provide visibility into remote access sessions?
  • What mechanisms can terminate remote sessions if needed?
  • What logging and alerting monitors remote access activity?

Evidence & Documentation:

  • What documentation demonstrates your access control policies and procedures?
  • What access control matrices or permissions documentation can you provide?
  • What access request and approval records can you show?
  • What access review documentation demonstrates periodic reviews?
  • What audit logs demonstrate access control enforcement?
  • What screenshots or configuration exports show access control settings?

Ask AI

Configure your API key to use AI features.