CMMC 1.0 Practice AC.3.021 Requirement:
Authorize remote execution of privileged commands and remote access to security relevant information.
CMMC 1.0 AC.3.021 Requirement Explanation:
By restricting which admins can conduct admin tasks remotely (e.g. via VPN connection) you are reducing the probability of an attacker being able to use a compromised account to access your systems and access security relevant information.
Example CMMC 1.0 AC.3.021 Implementation:
You can choose to completely restrict privileged accounts from accessing your network and system via a remote VPN connection. If that is not feasible see the below options. Document which of your system administrators are allowed to administer your systems via a remote VPN connection. Only place authorized admin accounts in security groups that allow for remote VPN access. Document the type of admin activity your admins can conduct remotely. An example is allowing them to provide desktop support services to end users but not allowing them to log into your active directory server via a VPN connection. Implement this using security groups. Restrict the ability to remotely access security relevant information such as your syslog server.
CMMC 1.0 AC.3.021 Scenario(s):
- Scenario 1:
To meet this security requirement your company prevents admins from connecting to your corporate network via VPN using their admin accounts. If they need to carry out privileged functions they must be onsite. The only exception to the rule is allowing members of the help desk to connect to workstations using a desktop support tool.
Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:
Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.
Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.
Supply Chain Verifier
Trust is everything. Verify, monitor, and support subcontactor compliance.