CMMC AC.2.015 - Use Managed Access Points

Requirement text: AC.2.015: Route remote access via managed access control points.

DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2
Routing remote access through managed access control points enhances explicit,
organizational control over such connections, reducing the susceptibility to unauthorized
access to organizational systems resulting in the unauthorized disclosure of CUI.

CMMC CLARIFICATION
You can limit the number of remote access control points. This reduces the attack surface
for organizations. Route all remote access sessions through as few points as possible. This:
      • allows for better visibility into the traffic coming into the network;
      • simplifies network management; and
      • increases the ability to monitor and control the connections.

Example
You are the IT administrator for a company with many locations. Several employees at
different locations need to connect to the network while working remotely. Each location
has its own connection to the internet. Since each company location has a direct connection
to headquarters, you decide to route all remote access through the headquarters location. All
remote traffic comes to one location. You have to monitor the traffic on only one device,
rather than one per location. The company will not have to buy as much equipment.
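One way to check that remote access really does arrive only at the managed access point, as an added example that is not part of the CMMC text. The gateway address, internal range, port list, and key=value firewall log format are all assumptions constructed for illustration.

```python
import ipaddress

# Assumptions for this sketch (not from the CMMC text): every address, port
# and log line below is constructed.
MANAGED_ACCESS_POINTS = {ipaddress.ip_address("203.0.113.10")}  # HQ gateway
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
REMOTE_ACCESS_PORTS = {22: "ssh", 500: "ike", 1194: "openvpn",
                       3389: "rdp", 4500: "ipsec-nat-t"}

# Constructed firewall log collected from headquarters and two branch sites.
SAMPLE_LOG = """\
site=hq action=allow src=192.0.2.44 dst=203.0.113.10 dport=4500
site=branch-a action=allow src=192.0.2.44 dst=198.51.100.20 dport=3389
site=branch-a action=deny src=192.0.2.77 dst=198.51.100.20 dport=22
site=branch-b action=allow src=10.2.0.15 dst=10.0.0.5 dport=22
site=branch-b action=allow src=192.0.2.90 dst=198.51.100.30 dport=1194
site=hq action=allow src=192.0.2.90 dst=203.0.113.25 dport=443
"""

def parse_line(line):
    """Turn one 'key=value ...' log line into a dict with typed fields."""
    rec = dict(field.split("=", 1) for field in line.split())
    rec["src"] = ipaddress.ip_address(rec["src"])
    rec["dst"] = ipaddress.ip_address(rec["dst"])
    rec["dport"] = int(rec["dport"])
    return rec

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def unmanaged_remote_access(log_text):
    """Return allowed external remote-access sessions that bypass managed points."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["action"] != "allow" or is_internal(rec["src"]):
            continue  # blocked at the edge, or internal traffic
        service = REMOTE_ACCESS_PORTS.get(rec["dport"])
        if service and rec["dst"] not in MANAGED_ACCESS_POINTS:
            findings.append((rec["site"], str(rec["dst"]), service))
    return findings

if __name__ == "__main__":
    for site, dst, service in unmanaged_remote_access(SAMPLE_LOG):
        print(f"{site}: {service} accepted at unmanaged endpoint {dst}")
```

Each finding is a remote access path that was accepted somewhere other than the managed access point and should be closed or rerouted through it.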

References
• NIST SP 800-171 Rev 1 3.1.14
• CIS Controls v7.1 15.5, 15.10
• NIST CSF v1.1 PR.AC-3, PR.PT-4
• CERT RMM v1.2 TM:SG2.SP2
• NIST SP 800-53 Rev 4 AC-17(3)



