AC.L2-3.1.15—Privileged Remote Access
Level 2
800-171: 3.1.15
>Control Description
Authorize remote execution of privileged commands and remote access to security-relevant information.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What is your remote access policy and how is it communicated to users?
- •How do you govern and approve remote access capabilities?
- •What process do you follow for granting and revoking remote access privileges?
- •How frequently do you review remote access permissions and sessions?
Technical Implementation:
- •What technical mechanisms authorize privileged remote access?
- •How do you implement additional controls for privileged remote sessions (PAM, jump servers)?
- •What technologies log all privileged remote access activities?
- •How do you technically enforce authorization before privileged remote access?
- •What monitoring alerts on privileged remote access attempts?
Evidence & Documentation:
- •What documentation demonstrates your access control policies and procedures?
- •What access control matrices or permissions documentation can you provide?
- •What access request and approval records can you show?
- •What access review documentation demonstrates periodic reviews?
- •What audit logs demonstrate access control enforcement?
- •What screenshots or configuration exports show access control settings?
Ask AI
Configure your API key to use AI features.