AC.L2-3.1.13 Remote Access Confidentiality
Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.
Source: NIST SP 800-171 Rev 2 3.1.13
Discussion: Cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography. See [NIST CRYPTO]; [NIST CAVP]; [NIST CMVP]; National Security Agency Cryptographic Standards.
Assessment Objectives:
Determine if:
- [a] cryptographic mechanisms to protect the confidentiality of remote access sessions are identified; and
- [b] cryptographic mechanisms to protect the confidentiality of remote access sessions are implemented.
Examine: [SELECT FROM: Access control policy; procedures addressing remote access to the system; security plan; system design documentation; system configuration settings and associated documentation; cryptographic mechanisms and associated configuration documentation; system audit logs and records; other relevant documents or records].
Interview: [SELECT FROM: System or network administrators; personnel with information security responsibilities; system developers].
Test: [SELECT FROM: Cryptographic mechanisms protecting remote access sessions].
SPRS Score: 5
POA&M Allowed: No