NIST 800-171 - Encrypting Remote Access (3.1.13)
Overview:
Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.
Action Items:
3.1.13[a]
Determine if: cryptographic mechanisms to protect the confidentiality of remote access sessions are identified.
3.1.13[b]
Determine if: cryptographic mechanisms to protect the confidentiality of remote access sessions are implemented.
POTENTIAL ASSESSMENT METHODS AND OBJECTS
1) Examine: Access control policy; procedures addressing remote access to the system; system security plan; system design documentation; system configuration settings and associated documentation; cryptographic mechanisms and associated configuration documentation; system audit logs and records; other relevant documents or records.
2) Interview: System or network administrators; personnel with information security responsibilities; system developers.
3) Test: Cryptographic mechanisms protecting remote access sessions.
Related Documents (document name and content will vary by organization):
1) Access control policy
2) Procedures addressing remote access to the system
3) System security plan
4) System design documentation
5) System configuration settings and associated documentation
6) Cryptographic mechanisms and associated configuration documentation
7) System audit logs and records
8) Other relevant documents or records
Additional Guidance:
Generally applicable cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography. See NIST Cryptographic Standards; NIST Cryptographic Module Validation Program; NIST Cryptographic Algorithm Validation Program; NSA Cryptographic Standards.