CMMC 1.0 Practice AC.2.013 Requirement:
Monitor and control remote access sessions.
CMMC 1.0 AC.2.013 Requirement Explanation:
Allowing users to remotely access your system presents inherent risks. By requiring that they authenticate before connecting and by encrypting the connection you can reduce risk. By limiting which users and systems can remotely connect to your network you also reduce cyber risk. By enabling logging on your VPN you can monitor who and what is remotely accessing your network.
Example CMMC 1.0 AC.2.013 Implementation:
Encrypt your VPN connections. Only allow authorized users and devices to connect to your network via a VPN. Ensure that your VPN is configured to log which users and devices have connected to the VPN. Force your remote connections to pass through your intrusion detection system so that you can monitor the connection.
CMMC 1.0 AC.2.013 Scenario(s):
- Scenario 1:
John, an employee at your company is working from home. He logs into his company provided computer and then signs into the VPN via the client installed on his computer. His VPN connection is encrypted and passes through your intrusion detection system before entering your network.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.