Routing remote access through managed access control points gives the organization explicit control over such connections and reduces the susceptibility to unauthorized access to organizational systems, which could result in the unauthorized disclosure of CUI.

Priority: High 

Category: Network Security

Services Associated with AWS: 

  • AWS Virtual Private Network (VPN), AWS Direct Connect, AWS Transit Gateway

Objective Evidence: 

  • Administrative: documented policies, standards & procedures 
  • Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations 
  • Technical: screenshot of firewall/VPN settings

Possible Technology Considerations: 

  • VPN Concentrator Secure Baseline Configurations (SBC) 

What needs to be answered: 

Is remote access maintained only by the IT department and routed through a limited number of managed access control points?

  • Ensure Routing of Remote Access Via Managed Control Points
    Description: This check confirms that remote access is routed through managed access control points, enhancing organizational control over such connections and reducing the susceptibility to unauthorized access.

More details: Remote access is managed via a controlled access point.