CMMC Practice AC.3.021

Authorize remote execution of privileged commands and remote access to security-relevant information.


CMMC Version 1.02, pg. 74

Bold Coast Security Guidance

This is a refinement of privileged access. Not only do you want to restrict who has privileged access, but from where, when, and if they have full privileged access. For instance, you may be a Domain Administrator in your local network, but you may not be authorized to make administrative changes remotely, or over the VPN. Only a small subset of users who must be able to support the organization remotely should be given this access, and it should authorized by senior leadership. Also refine administrative privileges, such as allowing some users to reset passwords, but not clear or view audit logs, and do not allow users to initiate a VPN connection with their administrator accounts. The should use their day-to-day account first, then connect internally to perform any administrative functions. The measure the effectiveness, the organization should record IDS events which indicate an attempt to us administrative commands in an unauthorized manner.

Discussion From Source

DRAFT NIST SP 800-171 R2 A privileged command is a human- initiated (interactively or via a process operating on behalf of the human) command executed on a system involving the control, monitoring, or administration of the system including security functions and associated security-relevant information. Security-relevant information is any information within the system that can potentially impact the operation of security functions or the provision of security services in a manner that could result in failure to enforce the system security policy or maintain isolation of code and data. Privileged commands give individuals the ability to execute sensitive, security-critical, or security-relevant system functions. Controlling such access from remote locations helps to ensure that unauthorized individuals are not able to execute such commands freely with the potential to do serious or catastrophic damage to organizational systems. Note that the ability to affect the integrity of the system is considered security-relevant as that could enable the means to bypass security functions although not directly impacting the function itself.