
AC.L2-3.1.13 Remote Access Confidentiality

Control Description

Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.

Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is your remote access policy and how is it communicated to users?
  • How do you govern and approve remote access capabilities?
  • What process do you follow for granting and revoking remote access privileges?
  • How frequently do you review remote access permissions and sessions?

Technical Implementation:

  • What cryptographic protocols protect remote access sessions (TLS, IPsec)?
  • How do you enforce use of strong encryption for remote access?
  • What VPN or remote access technologies are deployed?
  • How do you verify that weak or deprecated crypto is disabled?
  • What technical controls prevent unencrypted remote access?

Evidence & Documentation:

  • What documentation demonstrates your access control policies and procedures?
  • What access control matrices or permissions documentation can you provide?
  • What access request and approval records can you show?
  • What access review documentation demonstrates periodic reviews?
  • What audit logs demonstrate access control enforcement?
  • What screenshots or configuration exports show access control settings?
