Remote-access Guide

Route remote access via managed access control points

by Brad O'Reilly Published 3 years ago Updated 2 years ago

Further Discussion

Routing remote access through managed access control points gives the organization explicit control over such connections and reduces susceptibility to unauthorized access to organizational systems that would result in the unauthorized disclosure of CUI.

Full Answer

CMMC Requirement Explanation

By limiting the number of access points for remote connections, you can reduce your company's attack surface.

Example CMMC Implementation

Route all your VPN connections through a single point (e.g. your external firewall). This allows you to better monitor VPN connections. This generally applies when you have VPN connections coming in from multiple offices.

Scenario(s)

Alice is a system administrator who manages the IT systems at her company's headquarters and two overseas offices. Each office has its own VPN setup to allow access to the resources on their networks. To better monitor VPN connections, Alice routes all VPN connections through the intrusion detection system at her company's headquarters.
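One way to check that remote access in a setup like Alice's really is confined to the managed access control point, as an added example that is not part of the original guide. The log format, addresses, service list and function name are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (constructed): internal address space for HQ and both offices,
# the HQ VPN gateway as the only managed access control point, and the
# services treated as remote access (IKE, NAT-T, OpenVPN, SSH, RDP).
ORG_NET = ipaddress.ip_network("10.0.0.0/8")
MANAGED_ACCESS_POINTS = {ipaddress.ip_address("10.0.0.5")}
REMOTE_ACCESS_SERVICES = {("udp", 500), ("udp", 4500), ("udp", 1194),
                          ("tcp", 22), ("tcp", 3389)}

# Constructed firewall log: timestamp src dst proto dport action
SAMPLE_LOG = """\
2024-05-01T08:00:01Z 198.51.100.7 10.0.0.5 udp 1194 ACCEPT
2024-05-01T08:02:13Z 203.0.113.44 10.2.0.5 udp 1194 ACCEPT
2024-05-01T08:03:40Z 203.0.113.44 10.1.0.9 tcp 3389 DENY
2024-05-01T08:05:02Z 10.0.0.5 10.1.0.9 tcp 3389 ACCEPT
2024-05-01T08:06:55Z 198.51.100.23 10.1.0.9 tcp 3389 ACCEPT
2024-05-01T08:07:10Z 198.51.100.23 10.0.0.80 tcp 443 ACCEPT
malformed line
"""

def find_bypasses(log_text):
    """Return (findings, skipped): accepted remote-access sessions from
    outside the organization that terminate anywhere other than a managed
    access control point, plus the count of lines that could not be parsed."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts, src, dst, proto, dport, action = parts
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            service = (proto.lower(), int(dport))
        except ValueError:
            skipped += 1  # count unparsable lines so evidence gaps are visible
            continue
        if action != "ACCEPT" or service not in REMOTE_ACCESS_SERVICES:
            continue
        # External source reaching an internal host directly is a bypass.
        if (src_ip not in ORG_NET and dst_ip in ORG_NET
                and dst_ip not in MANAGED_ACCESS_POINTS):
            findings.append({"time": ts, "src": src, "dst": dst,
                             "service": f"{proto}/{dport}"})
    return findings, skipped

if __name__ == "__main__":
    for finding in find_bypasses(SAMPLE_LOG)[0]:
        print("remote access outside managed access point:", finding)
```
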

