AC.L2-3.1.13 Remote Access Confidentiality

Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.

Source: NIST SP 800-171 Rev 2 3.1.13

Discussion: Cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography. See [NIST CRYPTO]; [NIST CAVP]; [NIST CMVP]; National Security Agency Cryptographic Standards.

Assessment Objectives:

Determine if:

Examine: [SELECT FROM: Access control policy; procedures addressing remote access to the system; security plan; system design documentation; system configuration settings and associated documentation; cryptographic mechanisms and associated configuration documentation; system audit logs and records; other relevant documents or records].

Interview: [SELECT FROM: System or network administrators; personnel with information security responsibilities; system developers].

Test: [SELECT FROM: Cryptographic mechanisms protecting remote access sessions].

SPRS Score: 5

POA&M Allowed: No