AC-17(04)—Remote Access | Privileged Commands and Access
Moderate
>Control Description
(a) Authorize the execution of privileged commands and access to security-relevant information via remote access only in a format that provides assessable evidence and for the following needs: ⚙organization-defined needs; and
(b) Document the rationale for remote access in the security plan for the system.
>Discussion
Remote access to systems represents a significant potential vulnerability that can be exploited by adversaries. As such, restricting the execution of privileged commands and access to security-relevant information via remote access reduces the exposure of the organization and the susceptibility to threats by adversaries to the remote access capability.
>Cross-Framework Mappings
Ask AI
Configure your API key to use AI features.