CMMC Practice AC.L2-3.1.15

Authorize remote execution of privileged commands and remote access to security-relevant information.

Bold Coast Security Guidance

This is a refinement of privileged access. Not only do you want to restrict who has privileged access, but from where, when, and if they have full privileged access. For instance, you may be a Domain Administrator in your local network, but you may not be authorized to make administrative changes remotely, or over the VPN. Only a small subset of users who must be able to support the organization remotely should be given this access, and it should authorized by senior leadership. Also refine administrative privileges, such as allowing some users to reset passwords, but not clear or view audit logs, and do not allow users to initiate a VPN connection with their administrator accounts. The should use their day-to-day account first, then connect internally to perform any administrative functions.
Security Catapult

Be prepared for CMMC

Our Q&A assessment tool is designed by security advisors for MSPs and DoD contractors of all sizes.

Try now for free

Understand your gaps
Security Catapult

Understand your gaps

See compliance gaps, compliance scores and proactive security tasks in a single interface.

Try now for free

Validate NIST SP 800-171
Security Catapult

Validate NIST SP 800-171

Based on your CMMC answers, we let you know where you stand on NIST.

Try now for free

Build a plan of action
Security Catapult

Build a plan of action

Track your burn down and stay on top of security needs.

Try now for free

Build your policy
Security Catapult

Build your policy

Say goodbye to maintaining a security policy. We do it for you.

Try now for free

Discussion From Source

DRAFT NIST SP 800-171 R2 A privileged command is a human- initiated (interactively or via a process operating on behalf of the human) command executed on a system involving the control, monitoring, or administration of the system including security functions and associated security-relevant information. Security-relevant information is any information within the system that can potentially impact the operation of security functions or the provision of security services in a manner that could result in failure to enforce the system security policy or maintain isolation of code and data. Privileged commands give individuals the ability to execute sensitive, security-critical, or security-relevant system functions. Controlling such access from remote locations helps to ensure that unauthorized individuals are not able to execute such commands freely with the potential to do serious or catastrophic damage to organizational systems. Note that the ability to affect the integrity of the system is considered security-relevant as that could enable the means to bypass security functions although not directly impacting the function itself.

References