AC-17(04) Privileged Commands and Access
(a) Authorize the execution of privileged commands and access to security-relevant information via remote access only in a format that provides assessable evidence and for the following needs: ac-17.4_prm_1; and
(b) Document the rationale for remote access in the security plan for the system.
| Parameter ID | Definition |
|---|---|
| ac-17.4_prm_1 | organization-defined needs |
| ac-17.04_odp.01 | needs requiring remote access |
| ac-17.04_odp.02 | needs requiring remote access |
Baselines
- L
- M
- H
- P
Guidance
Remote access to systems represents a significant potential vulnerability that can be exploited by adversaries. As such, restricting the execution of privileged commands and access to security-relevant information via remote access reduces the exposure of the organization and the susceptibility to threats by adversaries to the remote access capability.
Related controls
- AC-06 Least Privilege L M H P
- SC-12 Cryptographic Key Establishment and Management L M H P
- SC-13 Cryptographic Protection L M H P