NIST 800-53 REV 5 • ACCESS CONTROL

AC-17(10) Authenticate Remote Commands

Implement [Assignment: organization-defined mechanisms] to authenticate [Assignment: organization-defined remote commands].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Authenticating remote commands protects against unauthorized commands and the replay of authorized commands. The ability to authenticate remote commands is important for remote systems for which loss, malfunction, misdirection, or exploitation would have immediate or serious consequences, such as injury, death, property damage, loss of high value assets, failure of mission or business functions, or compromise of classified or controlled unclassified information. Authentication mechanisms for remote commands ensure that systems accept and execute commands in the order intended, execute only authorized commands, and reject unauthorized commands. Cryptographic mechanisms can be used, for example, to authenticate remote commands.

Practitioner Notes

When remote commands are issued to your systems, verify that the commands are legitimate and have not been tampered with. This protects against man-in-the-middle attacks on your admin sessions.

Example 1: Use SSH with strict host key checking enabled (StrictHostKeyChecking yes in /etc/ssh/ssh_config). When the server's key changes unexpectedly, the connection is refused. This prevents an attacker from impersonating your server and capturing your commands.

Example 2: For API-based remote management, require signed requests (HMAC or digital signatures). AWS uses Signature Version 4 for all API calls, ensuring that every request is authenticated and integrity-protected. Implement similar signing for your internal management APIs.
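A sketch of the request signing described in Example 2, extended with the replay and ordering checks named in the Supplemental Guidance. This is an added example, not NIST text and not AWS Signature Version 4; the envelope fields, the 300-second window, the sender name and the function and class names are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window for this example
FIELDS = ("sender", "seq", "ts", "command")


def _tag(key, msg):
    # MAC over a canonical encoding of every field the receiver acts on.
    canonical = json.dumps({f: msg[f] for f in FIELDS}, sort_keys=True,
                           separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def sign_command(key, sender, seq, command, now=None):
    msg = {"sender": sender, "seq": seq, "command": command,
           "ts": int(time.time() if now is None else now)}
    msg["mac"] = _tag(key, msg)
    return msg


class CommandVerifier:
    def __init__(self, keys, allowed_commands):
        self.keys = keys                  # sender -> shared secret
        self.allowed = set(allowed_commands)
        self.last_seq = {}                # sender -> highest accepted seq

    def verify(self, msg, now=None):
        now = time.time() if now is None else now
        try:
            expected = _tag(self.keys[msg["sender"]], msg)
            if not hmac.compare_digest(expected, msg["mac"]):
                return False, "bad signature"
        except (KeyError, TypeError):
            return False, "malformed message or unknown sender"
        # Fields are only trusted after the MAC check above has passed.
        if abs(now - msg["ts"]) > MAX_SKEW_SECONDS:
            return False, "stale timestamp"
        if msg["seq"] <= self.last_seq.get(msg["sender"], -1):
            return False, "replayed or out-of-order sequence number"
        if msg["command"] not in self.allowed:
            return False, "command not authorized"
        self.last_seq[msg["sender"]] = msg["seq"]
        return True, "accepted"


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-use"  # constructed sample secret
    v = CommandVerifier({"ops-console": key}, ["restart-service"])
    m = sign_command(key, "ops-console", 1, "restart-service")
    print(v.verify(m), v.verify(m))  # second call is a replay
```

The sequence counter must be persisted across verifier restarts, otherwise a command captured before the restart is accepted again while its timestamp is still inside the window.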