CMMC 2.0 • LEVEL 2 • ACCESS CONTROL

AC.L2-3.1.12Remote Access

Establish usage restrictions, configuration requirements, and connection requirements for each type of allowable remote system access. Authorize each type of remote system access prior to establishing such connections. Route remote access to the system through authorized and managed access control points. Authorize the remote execution of privileged commands and remote access to security-relevant information.

NIST 800-171 Mapping

NIST 800-53 Controls

AC-17(1)AC-17(2)

Assessment Objectives

  • types of allowable remote system access are defined.
  • usage restrictions are established for each type of allowable remote system access.
  • configuration requirements are established for each type of allowable remote system access.
  • connection requirements are established for each type of allowable remote system access.
  • each type of remote system access is authorized prior to establishing such connections.
  • remote access to the system is routed through authorized access control points.
  • remote access to the system is routed through managed access control points.
  • remote execution of privileged commands is authorized.
  • remote access to security-relevant information is authorized.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

AC.L1-3.1.1 Account Management AC.L1-3.1.2 Access Enforcement AC.L2-3.1.3 Information Flow Enforcement AC.L2-3.1.4 Separation of Duties