NIST SP 800-171 & CMMC 2.0 Control 3.1.12 Requirement:

Monitor and control remote access sessions.

NIST SP 800-171 & CMMC 2.0 3.1.12 Requirement Explanation:

Allowing users to remotely access your system presents inherent risks. By requiring that they authenticate before connecting and by encrypting the connection you can reduce risk. By limiting which users and systems can remotely connect to your network you also reduce cyber risk. By enabling logging on your VPN you can monitor who and what is remotely accessing your network.

Example NIST SP 800-171 & CMMC 2.0 3.1.12 Implementation:

Encrypt your VPN connections. Only allow authorized users and devices to connect to your network via VPN. Ensure that your VPN is configured to log which users and devices have connected to the VPN. Force your remote VPN connections to pass through your firewall so that you can monitor the VPN connections. You need to have a policy that covers remote connections. Our information security policy template can be used to meet this requirement.

NIST SP 800-171 & CMMC 2.0 3.1.12 Scenario(s):

- Scenario 1:

John, an employee at your company is working from home. He logs into his company provided computer and then signs into the VPN via the client installed on his computer. His VPN connection is encrypted and passes through your firewall before entering your network.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.