800-53|AC-17

Title

REMOTE ACCESS

Description

The organization:

Supplemental

Remote access is access to organizational information systems by users (or processes acting on behalf of users) communicating through external networks (e.g., the Internet). Remote access methods include, for example, dial-up, broadband, and wireless. Organizations often employ encrypted virtual private networks (VPNs) to enhance confidentiality and integrity over remote connections. The use of encrypted VPNs does not make the access non-remote; however, the use of VPNs, when adequately provisioned with appropriate security controls (e.g., employing appropriate encryption techniques for confidentiality and integrity protection) may provide sufficient assurance to the organization that it can effectively treat such connections as internal networks. Still, VPN connections traverse external networks, and the encrypted VPN does not enhance the availability of remote connections. Also, VPNs with encrypted tunnels can affect the organizational capability to adequately monitor network communications traffic for malicious code. Remote access controls apply to information systems other than public web servers or systems designed for public access. This control addresses authorization prior to allowing remote access without specifying the formats for such authorization. While organizations may use interconnection security agreements to authorize remote access connections, such agreements are not required by this control. Enforcing access restrictions for remote connections is addressed in AC-3.

Reference Item Details

Related: AC-18,AC-19,AC-2,AC-20,AC-3,CA-3,CA-7,CM-8,IA-2,IA-3,IA-8,MA-4,PE-17,PL-4,SC-10,SI-4

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 EX19-ED-000006WindowsCIS Microsoft Exchange 2019 Edge Server STIG v1.0.0 CAT II
1.1 EX19-MB-000006WindowsCIS Microsoft Exchange 2019 Mailbox Server STIG v1.0.0 CAT II
1.1 RHEL-10-000500UnixCIS Red Hat Enterprise Linux 10 STIG v1.0.0 CAT I
1.1 VCSA-80-000009VMwareCIS VMware vSphere 8.0 vCenter STIG v1.0.0 CAT II
1.1.2.1 (L1) Ensure 'NTLM' is set to 'Disabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.7.1 (L1) Ensure 'TLS_RSA_WITH_3DES_EDE_CBC_SHA ' is set to 'Enabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.37 (L1) Ensure 'Maximum SSL version enabled' is set to 'Enabled: TLS 1.3'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.38 (L1) Ensure 'Minimum SSL version enabled' is set to 'Enabled: TLS 1.2'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.10 ALMA-09-002770UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II
1.10 Ensure system-wide crypto policy is not legacyUnixCIS CentOS Linux 8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Fedora 28 Family Linux Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Fedora 28 Family Linux Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS CentOS Linux 8 Server L1 v2.0.0
1.10 OL08-00-010070UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.11 ALMA-09-002880UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II
1.11 UBTU-24-100300UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.11.1 Assign a custom certificate to syslog-clientArubaOSCIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations
1.11.2 Configure syslog-client to log using TLSArubaOSCIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations
1.12 ALMA-09-002990UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT I
1.12 Ensure 'Internet-facing receive connectors' is set to 'Tls, BasicAuth, BasicAuthRequireTLS'WindowsCIS Microsoft Exchange Server 2019 L1 Edge v1.0.0
1.12 UBTU-24-100310UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.13 ALMA-09-003100UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT I
1.13.1 (L1) Ensure 'Allow Basic authentication for HTTP' is set to 'Disabled'WindowsCIS Microsoft Intune for Edge v1.0.0 L1
1.13.1 (L1) Ensure 'Allow Basic authentication for HTTP' is set to 'Disabled'WindowsCIS Microsoft Edge v4.0.0 L1
1.13.3 (L2) Ensure 'Supported authentication schemes' is set to 'Enabled: ntlm, negotiate'WindowsCIS Microsoft Intune for Edge v1.0.0 L2
1.13.3 (L2) Ensure 'Supported authentication schemes' is set to 'Enabled: ntlm, negotiate'WindowsCIS Microsoft Edge v4.0.0 L2
1.14 ALMA-09-003210UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT I
1.15 ALMA-09-003320UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT I
1.15 SLES-15-010150UnixCIS SUSE Linux Enterprise Server 15 STIG v1.0.0 CAT II
1.16 ALMA-09-003430UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II
1.101 PHTN-40-000239UnixCIS VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1.0.0 CAT I
1.118 UBTU-22-652015UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.128 WN16-CC-000400WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.128 WN16-CC-000400WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.129 WN16-CC-000410WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.129 WN16-CC-000410WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.130 SOL-11.1-050240UnixCIS Solaris 11 X86 STIG v1.0.0 CAT II
1.130 WN19-CC-000370WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.130 WN19-CC-000370WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.130 WN22-CC-000370WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.130 WN22-CC-000370WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.131 WN19-CC-000380WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.131 WN19-CC-000380WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.131 WN22-CC-000380WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.131 WN22-CC-000380WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.132 SOL-11.1-050240UnixCIS Solaris 11 SPARC STIG v1.0.0 CAT II
1.142 ALMA-09-018720UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II
1.147 SOL-11.1-060130UnixCIS Solaris 11 X86 STIG v1.0.0 CAT II
1.149 SOL-11.1-060130UnixCIS Solaris 11 SPARC STIG v1.0.0 CAT II
1.159 WN10-CC-000285WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II