AC-17 (9): The organization provides the capability to expeditiously disconnect or disable remote access to the information system within fifteen (15) minutes. This control enhancement requires organizations to have the capability to rapidly disconnect current users remotely accessing the information system and/or disable further remote access.
Full Answer
What is AC 17A and AC 17B?
AC-17a. AC-17b. Authorizes remote access to the information system prior to allowing such connections. Remote access is access to organizational information systems by users (or processes acting on behalf of users) communicating through external networks (e.g., the Internet).
What is AC number 17B in ITIL?
AC-17b. Authorizes remote access to the information system prior to allowing such connections. Remote access is access to organizational information systems by users (or processes acting on behalf of users) communicating through external networks (e.g., the Internet). Remote access methods include, for example, dial-up, broadband, and wireless.
What is authorized remote access to information systems?
Authorizes remote access to the information system prior to allowing such connections. Remote access is access to organizational information systems by users (or processes acting on behalf of users) communicating through external networks (e.g., the Internet). Remote access methods include, for example, dial-up, broadband, and wireless.
What is remote access control?
Remote access controls apply to information systems other than public web servers or systems designed for public access. This control addresses authorization prior to allowing remote access without specifying the formats for such authorization.
What is remote access?
Does VPN enhance remote access?
AIR FORCE - AFMAN 17-1301 - COMPUTER SECURITY (COMPUSEC) - GlobalSpec
Find the most up-to-date version of AFMAN 17-1301 at Engineering360.
AC-17 REMOTE ACCESS | NIST Controls and PCF - Pivotal
Page last updated: PCF Compliance. PCF complies with this requirement by providing TLS 1.2 support for all user network connections. However, PCF does not provide any native support for “remote” access, and inherits controls from the supporting infrastructure.
NIST SP 800-53A Revision 1, Guide for Assessing the Security Controls ...
NIST Special Publication 800-53A Guide for Assessing the Security Revision 1 Controls in Federal Information Systems and Organizations Building Effective Security Assessment Plans
AIR FORCE - AFI 17-130 - CYBERSECURITY PROGRAM MANAGEMENT | Engineering360
Find the most up-to-date version of AFI 17-130 at Engineering360.
MIL-HDBK-61A Contents - Product Lifecycle Management
MIL-HDBK-61A: Contents. Next >. This section is intended to provide the principal text of MIL-HDBK-61A, one of the US Government's last official pronouncements of good configuration management practices. The complete document, including omitted cover pages, foreword, figures, tables, footnotes and other information, can be downloaded here.
Guide for developing security plans for federal information systems
Guide for Developing Security Plans for Federal Information Systems Reports on Information Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and
What is remote access?
Remote access is access to organizational systems (or processes acting on behalf of users) that communicate through external networks such as the Internet. Types of remote access include dial-up, broadband, and wireless. Organizations use encrypted virtual private networks (VPNs) to enhance confidentiality and integrity for remote connections. The use of encrypted VPNs provides sufficient assurance to the organization that it can effectively treat such connections as internal networks if the cryptographic mechanisms used are implemented in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Still, VPN connections traverse external networks, and the encrypted VPN does not enhance the availability of remote connections. VPNs with encrypted tunnels can also affect the ability to adequately monitor network communications traffic for malicious code. Remote access controls apply to systems other than public web servers or systems designed for public access. Authorization of each remote access type addresses authorization prior to allowing remote access without specifying the specific formats for such authorization. While organizations may use information exchange and system connection security agreements to manage remote access connections to other systems, such agreements are addressed as part of CA-3. Enforcing access restrictions for remote access is addressed via AC-3.
Does VPN allow remote access?
Still, VPN connections traverse external networks, and the encrypted VPN does not enhance the availability of remote connections. VPNs with encrypted tunnels can also affect the ability to adequately monitor network communications traffic for malicious code. Remote access controls apply to systems other than public web servers or systems designed ...
What is remote access?
Remote access is access to organizational information systems by users (or processes acting on behalf of users) communicating through external networks ( e.g., the Internet). Remote access methods include, for example, dial-up, broadband, and wireless. Organizations often employ encrypted virtual private networks (VPNs) to enhance confidentiality and integrity over remote connections. The use of encrypted VPNs does not make the access non-remote; however, the use of VPNs, when adequately provisioned with appropriate security controls (e.g., employing appropriate encryption techniques for confidentiality and integrity protection) may provide sufficient assurance to the organization that it can effectively treat such connections as internal networks. Still, VPN connections traverse external networks, and the encrypted VPN does not enhance the availability of remote connections. Also, VPNs with encrypted tunnels can affect the organizational capability to adequately monitor network communications traffic for malicious code. Remote access controls apply to information systems other than public web servers or systems designed for public access. This control addresses authorization prior to allowing remote access without specifying the formats for such authorization. While organizations may use interconnection security agreements to authorize remote access connections, such agreements are not required by this control. Enforcing access restrictions for remote connections is addressed in AC-3.
Does PCF support remote access?
PCF complies with this requirement by providing TLS 1.2 support for all user network connections. However, PCF does not provide any native support for “remote” access, and inherits controls from the supporting infrastructure.
AC-17 (3): Managed Access Control Points
The information system routes all remote accesses through [Assignment: organization-defined number] managed network access control points.
AC-17 (6): Protection Of Information
The organization ensures that users protect information about remote access mechanisms from unauthorized use and disclosure.
What is remote access?
Remote access is access to organizational information systems by users (or processes acting on behalf of users) communicating through external networks (e.g., the Internet).
Does VPN enhance remote access?
Still, VPN connections traverse external networks, and the encrypted VPN does not enhance the availability of remote connections. Also, VPNs with encrypted tunnels can affect the organizational capability to adequately monitor network communications traffic for malicious code. Remote access controls apply to information systems other ...