Skip to Content

FedRAMP Managed Access Control Points AC-17 (3)

40  Matthew Burdick September 26, 2022  Access Control (AC)

Overview:
The information system routes all remote accesses through [Assignment: organization-defined number] managed network access control points.


Supplemental Guidance:
Limiting the number of access control points for remote accesses reduces the attack surface for organizations. Organizations consider the Trusted Internet Connections (TIC) initiative requirements for external network connections.


Related Controls: SC-7


Action Items:
1) Ensure all remote access is routed through managed points
2) Implement access controls

Related Documents:
1) Access Control Policy
2) Network Security Policy
3) Remote Access Policy

Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
none

Moderate Additional FedRAMP Requirements and Guidance
none
Not Rated
Secure Code