NIST 800-171 - Remote Access Monitoring (3.1.12)

Overview:
Monitor and control remote access sessions.

Action Items:
3.1.12[a]
Determine if: remote access sessions are permitted.

3.1.12[b]
Determine if: the types of permitted remote access are identified.

3.1.12[c]
Determine if: remote access sessions are controlled.

3.1.12[d]
Determine if: remote access sessions are monitored.

POTENTIAL ASSESSMENT METHODS AND OBJECTS

1
Examine: Access control policy; procedures addressing remote access implementation and usage (including restrictions); configuration management plan; system security plan; system design documentation; system configuration settings and associated documentation; remote access authorizations; system audit logs and records; other relevant documents or records].

2
Interview: Personnel with responsibilities for managing remote access connections; system or network administrators; personnel with information security responsibilities].

3
Test: Remote access management capability for the system].

Related Documents (document name and content will vary by organization):
1) Access control policy
2) procedures addressing remote access implementation and usage (including restrictions)
3) configuration management plan
4) system security plan
5) system design documentation
6) system configuration settings and associated documentation
7) remote access authorizations
8) system audit logs and records
9) other relevant documents or records

Additional Guidance:
Automated monitoring and control of remote access sessions allows organizations to detect cyberattacks and help to ensure ongoing compliance with remote access policies by auditing connection activities of remote users on a variety of system components (e.g., servers, workstations, notebook computers, smart phones, and tablets).

Remote access is access to organizational systems by users (or processes acting on behalf of users) communicating through external networks (e.g., the Internet). Remote access methods include, for example: dial-up, broadband, and wireless. Organizations often employ encrypted virtual private networks (VPNs) to enhance confidentiality over remote connections. The use of encrypted VPNs does not make the access non-remote; however, the use of VPNs, when adequately provisioned with appropriate safeguards (e.g., employing encryption techniques for confidentiality protection), may provide sufficient assurance to the organization that it can effectively treat such connections as internal networks. VPNs with encrypted tunnels can affect the capability to adequately monitor network communications traffic for malicious code. NIST Special Publications 800-46, 800-77, and 800-113 provide guidance on secure remote access and virtual private networks.