myctrl.tools
Compare

AC-17(1)Monitoring And Control

MODERATE
HIGH

>Control Description

Employ automated mechanisms to monitor and control remote access methods.

>Cross-Framework Mappings

SCF

NET-14.1
Compare

>Programmatic Queries

Beta

Related Services

AWS Client VPN
AWS Systems Manager Session Manager
Amazon CloudWatch

CLI Commands

Describe Client VPN endpoints
aws ec2 describe-client-vpn-endpoints --query 'ClientVpnEndpoints[].{Id:ClientVpnEndpointId,Status:Status.Code,Dns:DnsName}'
List active VPN connections
aws ec2 describe-client-vpn-connections --client-vpn-endpoint-id ENDPOINT_ID --query 'Connections[?Status.Code==`active`]'
Get Session Manager session history
aws ssm describe-sessions --state History --max-results 20
Enable VPN connection logging
aws ec2 modify-client-vpn-endpoint --client-vpn-endpoint-id ENDPOINT_ID --connection-log-options Enabled=true,CloudwatchLogGroup=vpn-logs
Open AWS ConsoleDocumentation

>Supplemental Guidance

Monitoring and control of remote access methods allows organizations to detect attacks and help ensure compliance with remote access policies by auditing the connection activities of remote users on a variety of system components, including servers, notebook computers, workstations, smart phones, and tablets. Audit logging for remote access is enforced by AU-02. Audit events are defined in AU-02a.

>Related Controls

AU-2
AU-6
AU-12
AU-14

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of AC-17(1) (Monitoring And Control)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring AC-17(1)?
  • How frequently is the AC-17(1) policy reviewed and updated, and what triggers policy changes?
  • What training or awareness programs ensure personnel understand their responsibilities related to AC-17(1)?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce AC-17(1) requirements.
  • What automated tools, systems, or technologies are deployed to implement AC-17(1)?
  • How is AC-17(1) integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce AC-17(1) requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of AC-17(1)?
  • What audit logs, records, reports, or monitoring data validate AC-17(1) compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of AC-17(1) effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate AC-17(1) compliance?

Ask AI

Configure your API key to use AI features.