NIST 800-53 REV 5 • ACCESS CONTROL

AC-17(4)Privileged Commands and Access

Authorize the execution of privileged commands and access to security-relevant information via remote access only in a format that provides assessable evidence and for the following needs: {{ insert: param, ac-17.4_prm_1 }} ; and Document the rationale for remote access in the security plan for the system.

CMMC Practice Mapping

NIST 800-171 Mapping

Related Controls

Supplemental Guidance

Remote access to systems represents a significant potential vulnerability that can be exploited by adversaries. As such, restricting the execution of privileged commands and access to security-relevant information via remote access reduces the exposure of the organization and the susceptibility to threats by adversaries to the remote access capability.

Practitioner Notes

Running privileged commands over remote connections requires extra controls — additional authorization, stronger authentication, or session recording.

Example 1: Require all remote admin sessions to go through your PAM tool (CyberArk, BeyondTrust). The PAM tool records the entire session — keystrokes, screen, and commands — providing a complete audit trail. Admins cannot directly RDP to servers without going through PAM.

Example 2: In Azure AD PIM, require that any activation of a privileged role from a remote location includes MFA re-verification plus a ticket number from your ITSM system. Configure PIM to send an immediate alert to the security team when privileged roles are activated remotely.

More Access Control Controls

AC-1 Policy and Procedures AC-2 Account Management AC-2(1) Automated System Account Management AC-2(2) Automated Temporary and Emergency Account Management