
AC.3.014

Content

Control Acronym

AC

Family

Access Control

CMMC Level

3

800-171 Control #

3.1.13

CMMC Description

Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.

CMMC Clarification

A remote access session involves logging in to the organization's network from a remote location such as home or an alternate work site. This remote access session must be secured using FIPS-validated cryptography to provide confidentiality and prevent anyone from capturing session information exchanges.

Example: As the IT administrator for your organization, you are responsible for implementing a remote network access capability for users who work offsite. To provide session confidentiality, you decide to establish a TLS-based Virtual Private Network mechanism. You choose a product that has completed FIPS validation. You require user authentication rather than mutual authentication, but you also set up two-factor authentication based on a token passcode and a user PIN before the VPN is established.

800-171 Description

Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.

800-171 Discussion

Cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography. See [NIST CRYPTO]; [NIST CAVP]; [NIST CMVP]; National Security Agency Cryptographic Standards.

Other Source Discussion

N/A

CIS Control References

CIS Controls v7.1 15.7, 15.8

NIST 800-53 Control Ref.

NIST SP 800-53 Rev 4 AC-17(2)

CMMC Derived

NIST CSF Control References

NIST 800-171 References

NIST SP 800-171 Rev 1 3.1.13

Applicable FAR Clause

NIST CSF Control Reference

NIST CSF v1.1 PR.AC-3, PR.PT-4

CERT RMM Reference

CERT RMM v1.2 KIM:SG4.SP1

Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSC Cyber Reference

AS ACSC Reference

Sub-Criteria

Assessment Sub-Criteria 1

AC.3.014.[a] cryptographic mechanisms to protect the confidentiality of remote access sessions are identified; and

Assessment Sub-Criteria 2

AC.3.014.[b] cryptographic mechanisms to protect the confidentiality of remote access sessions are implemented.
