AC
Access Control
2
3.1.14
Route remote access via managed access control points.
You can limit the number of remote access control points. This reduces the attack surface for organizations. Route all remote access sessions through as few points as possible. This:
* allows for better visibility into the traffic coming into the network
* simplifies network management
* increases the ability to monitor and control the connections.

Example

You are the IT administrator for a company with many locations. Several employees at different locations need to connect to the network while working remotely. Each location has its own connection to the internet. Since each company location has a direct connection to headquarters, you decide to route all remote access through the headquarters location. All remote traffic comes to one location. You have to monitor the traffic on only one device, rather than one per location. The company will not have to buy as much equipment.
Route remote access via managed access control points.
Routing remote access through managed access control points enhances explicit, organizational control over such connections, reducing the susceptibility to unauthorized access to organizational systems resulting in the unauthorized disclosure of CUI.
N/A
CIS Controls v7.1 15.5, 15.10
NIST SP 800-53 Rev 4 AC-17(3)
NIST SP 800-171 Rev 1 3.1.14
NIST CSF v1.1 PR.AC-3, PR.PT-4
CERT RMM v1.2 TM:SG2.SP2
AC.2.015.[a] managed access control points are identified and implemented; and
AC.2.015.[b] remote access is routed through managed network access control points.