3.1.14—Access Control - Derived
Derived Requirement
>Control Description
Route remote access via managed access control points.
>Discussion
Routing remote access through managed access control points enhances explicit, organizational control over such connections, reducing the susceptibility to unauthorized access to organizational systems resulting in the unauthorized disclosure of CUI.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies govern remote access routing through managed access points?
- •How do you define and approve managed network access control points?
- •What procedures prevent direct remote access bypassing controls?
- •Who oversees remote access architecture and topology?
- •What governance ensures all remote access is properly routed?
Technical Implementation:
- •What managed access control points route all remote access?
- •How do you prevent users from establishing unauthorized remote connections?
- •What network controls enforce routing through approved gateways?
- •How are VPN concentrators or jump servers implemented?
- •What monitoring detects remote access attempts bypassing controls?
Evidence & Documentation:
- •Can you show network diagrams with managed access control points?
- •What configurations enforce routing through approved gateways?
- •What logs demonstrate all remote access goes through managed points?
- •Can you provide evidence of blocked unauthorized remote access?
- •What audit reports verify remote access topology compliance?
Ask AI
Configure your API key to use AI features.