NIST 800-53 REV 5 • ACCESS CONTROL
AC-17(9) — Disconnect or Disable Access
Provide the capability to disconnect or disable remote access to the system within [Assignment: organization-defined time period].
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
The speed of system disconnect or disablement varies based on the criticality of missions or business functions and the need to eliminate immediate or future remote access to systems.
Practitioner Notes
You need the ability to disconnect remote access or disable it entirely in a short timeframe. In an emergency, cutting off remote access may be necessary to contain a breach.
Example 1: Document a procedure to disable all VPN access within 15 minutes. This could mean shutting down the VPN concentrator, revoking the VPN server certificate, or activating a deny-all firewall rule. Test this procedure during your incident response exercises.
Example 2: In Azure AD, create a break-glass Conditional Access policy (set to Report-only during normal operations) that blocks all sign-ins from outside your corporate network. During an incident, switch this policy from Report-only to On to immediately cut off all remote access to cloud resources.
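A pre-flight check for Example 2, added here as an illustration and not part of the original control text: it validates the staged policy, in the shape Microsoft Graph returns it, before building the request that switches it from Report-only to On. The policy contents, the IDs, and the rule that emergency-access accounts must be excluded are assumptions of this example.

```python
import json

# Constructed sample of the staged policy in Microsoft Graph's
# conditionalAccessPolicy shape. All IDs and the display name are placeholders.
EMERGENCY_IDS = ["11111111-1111-1111-1111-111111111111"]  # assumed emergency-access account
SAMPLE_POLICY = {
    "id": "00000000-0000-0000-0000-000000000001",
    "displayName": "BREAK-GLASS block sign-ins outside corporate network",
    "state": "enabledForReportingButNotEnforced",  # Report-only
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeUsers": list(EMERGENCY_IDS)},
        "applications": {"includeApplications": ["All"]},
        "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["block"]},
}

def preflight(policy, emergency_ids):
    """Return reasons the policy would be unsafe or ineffective if switched On."""
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = cond.get("applications") or {}
    locs = cond.get("locations") or {}
    grant = policy.get("grantControls") or {}
    problems = []
    if policy.get("state") != "enabledForReportingButNotEnforced":
        problems.append("policy is not staged in Report-only")
    if "block" not in (grant.get("builtInControls") or []):
        problems.append("grant control is not 'block'")
    for label, values in (("users", users.get("includeUsers")),
                          ("applications", apps.get("includeApplications")),
                          ("locations", locs.get("includeLocations"))):
        if "All" not in (values or []):
            problems.append(f"{label} scope is not 'All'")
    if not locs.get("excludeLocations"):
        problems.append("no corporate location excluded; on-site sign-ins would be blocked")
    # Only direct user exclusions are checked here, not excluded groups or roles.
    missing = sorted(set(emergency_ids) - set(users.get("excludeUsers") or []))
    if missing:
        problems.append("emergency accounts not excluded: " + ", ".join(missing))
    return problems

def activation_request(policy, emergency_ids):
    """Build the Graph call that switches Report-only to On; refuse if preflight fails."""
    problems = preflight(policy, emergency_ids)
    if problems:
        raise ValueError("; ".join(problems))
    url = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies/" + policy["id"]
    return {"method": "PATCH", "url": url, "body": json.dumps({"state": "enabled"})}
```

Running the same pre-flight during incident response exercises catches drift in the staged policy before it is needed.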