NIST CSF: PR.AC-3 Subcategory

From NIST's Cybersecurity Framework (version 1):

Remote access is managed

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Information transfer policies and procedures (13.2.1)
    ISO 27001:2013
  • Mobile Device Policy (6.2.1)
    ISO 27001:2013
  • Network controls (13.1.1)
    ISO 27001:2013
  • Security of equipment and assets off-premises (11.2.6)
    ISO 27001:2013
  • Teleworking (6.2.2)
    ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Access via untrusted networks (SR 1.13)
    ISA/IEC 62443-3-3:2013
  • Remote session termination (SR 2.6)
    ISA/IEC 62443-3-3:2013
  • Develop a policy for remote login and connections (4.3.3.6.6)
    ISA/IEC 62443-2-1:2009

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1556.006 | Multi-Factor Authentication | Credential Access, Defense Evasion, Persistence |
| T1556.007 | Hybrid Identity | Credential Access, Defense Evasion, Persistence |
| T1021.004 | SSH | Lateral Movement |
| T1567 | Exfiltration Over Web Service | Exfiltration |
| T1078.002 | Domain Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1110.003 | Password Spraying | Credential Access |
| T1136.002 | Domain Account | Persistence |
| T1602 | Data from Configuration Repository | Collection |
| T1114.003 | Email Forwarding Rule | Collection |
| T1098.001 | Additional Cloud Credentials | Persistence, Privilege Escalation |
| T1552 | Unsecured Credentials | Credential Access |
| T1583.007 | Serverless | Resource Development |
| T1098.002 | Additional Email Delegate Permissions | Persistence, Privilege Escalation |
| T1602.002 | Network Device Configuration Dump | Collection |
| T1530 | Data from Cloud Storage | Collection |
| T1537 | Transfer Data to Cloud Account | Exfiltration |
| T1505.005 | Terminal Services DLL | Persistence |
| T1110.002 | Password Cracking | Credential Access |
| T1539 | Steal Web Session Cookie | Credential Access |
| T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
| T1567.001 | Exfiltration to Code Repository | Exfiltration |
| T1098.003 | Additional Cloud Roles | Persistence, Privilege Escalation |
| T1584.007 | Serverless | Resource Development |
| T1567.002 | Exfiltration to Cloud Storage | Exfiltration |
| T1110.004 | Credential Stuffing | Credential Access |
| T1556.004 | Network Device Authentication | Credential Access, Defense Evasion, Persistence |
| T1133 | External Remote Services | Initial Access, Persistence |
| T1110 | Brute Force | Credential Access |
| T1550.001 | Application Access Token | Defense Evasion, Lateral Movement |
| T1556 | Modify Authentication Process | Credential Access, Defense Evasion, Persistence |
| T1134.005 | SID-History Injection | Defense Evasion, Privilege Escalation |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
| T1565 | Data Manipulation | Impact |
| T1556.001 | Domain Controller Authentication | Credential Access, Defense Evasion, Persistence |
| T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
| T1052.001 | Exfiltration over USB | Exfiltration |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1021.001 | Remote Desktop Protocol | Lateral Movement |
| T1098.005 | Device Registration | Persistence, Privilege Escalation |
| T1021 | Remote Services | Lateral Movement |
| T1552.005 | Cloud Instance Metadata API | Credential Access |
| T1557.002 | ARP Cache Poisoning | Collection, Credential Access |
| T1020.001 | Traffic Duplication | Exfiltration |
| T1136.003 | Cloud Account | Persistence |
| T1565.001 | Stored Data Manipulation | Impact |
| T1565.002 | Transmitted Data Manipulation | Impact |
| T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1110.001 | Password Guessing | Credential Access |
| T1119 | Automated Collection | Collection |
| T1200 | Hardware Additions | Initial Access |
| T1114.002 | Remote Email Collection | Collection |
| T1114 | Email Collection | Collection |
| T1136.001 | Local Account | Persistence |
| T1136 | Create Account | Persistence |
| T1557 | Adversary-in-the-Middle | Collection, Credential Access |
| T1556.003 | Pluggable Authentication Modules | Credential Access, Defense Evasion, Persistence |
| T1552.004 | Private Keys | Credential Access |
| T1052 | Exfiltration Over Physical Medium | Exfiltration |
| T1114.001 | Local Email Collection | Collection |
| T1072 | Software Deployment Tools | Execution, Lateral Movement |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
| T1602.001 | SNMP (MIB Dump) | Collection |
| T1059.005 | Visual Basic | Execution |
| T1059.006 | Python | Execution |
| T1563.002 | RDP Hijacking | Lateral Movement |
| T1059.003 | Windows Command Shell | Execution |
| T1137 | Office Application Startup | Persistence |
| T1040 | Network Sniffing | Credential Access, Discovery |
| T1563 | Remote Service Session Hijacking | Lateral Movement |
| T1552.002 | Credentials in Registry | Credential Access |
| T1070.008 | Clear Mailbox Data | Defense Evasion |
| T1610 | Deploy Container | Defense Evasion, Execution |
| T1021.006 | Windows Remote Management | Lateral Movement |
| T1613 | Container and Resource Discovery | Discovery |
| T1213 | Data from Information Repositories | Collection |
| T1047 | Windows Management Instrumentation | Execution |
| T1558.002 | Silver Ticket | Credential Access |
| T1213.001 | Confluence | Collection |
| T1543 | Create or Modify System Process | Persistence, Privilege Escalation |
| T1547.012 | Print Processors | Persistence, Privilege Escalation |
| T1547.003 | Time Providers | Persistence, Privilege Escalation |
| T1213.002 | Sharepoint | Collection |
| T1558 | Steal or Forge Kerberos Tickets | Credential Access |
| T1552.007 | Container API | Credential Access |
| T1059.001 | PowerShell | Execution |
| T1612 | Build Image on Host | Defense Evasion |
| T1558.003 | Kerberoasting | Credential Access |
| T1059.007 | JavaScript | Execution |
| T1619 | Cloud Storage Object Discovery | Discovery |
| T1547.009 | Shortcut Modification | Persistence, Privilege Escalation |
| T1547.004 | Winlogon Helper DLL | Persistence, Privilege Escalation |
| T1021.003 | Distributed Component Object Model | Lateral Movement |
| T1059 | Command and Scripting Interpreter | Execution |
| T1558.004 | AS-REP Roasting | Credential Access |
| T1021.002 | SMB/Windows Admin Shares | Lateral Movement |
| T1070.002 | Clear Linux or Mac System Logs | Defense Evasion |
| T1137.002 | Office Test | Persistence |
| T1647 | Plist File Modification | Defense Evasion |
| T1037.001 | Logon Script (Windows) | Persistence, Privilege Escalation |
| T1059.008 | Network Device CLI | Execution |
| T1563.001 | SSH Hijacking | Lateral Movement |
| T1219 | Remote Access Software | Command and Control |
| T1059.002 | AppleScript | Execution |
| T1070.001 | Clear Windows Event Logs | Defense Evasion |
| T1037 | Boot or Logon Initialization Scripts | Persistence, Privilege Escalation |
| T1547.013 | XDG Autostart Entries | Persistence, Privilege Escalation |
| T1059.004 | Unix Shell | Execution |
| T1505.004 | IIS Components | Persistence |
| T1070 | Indicator Removal | Defense Evasion |
| T1021.005 | VNC | Lateral Movement |
| T1609 | Container Administration Command | Execution |

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

| Control ID | Name | Description |
|---|---|---|
| A4.a | Supply Chain | The organisation understands and manages security risks to networks and information systems supporting the operation of essential functions that arise as a result of dependencies on external suppliers. This includes ensuring that appropriate measures are employed where third party services are used. |
| B2.b | Device Management | You fully know and have trust in the devices that are used to access your networks, information systems and data that support your essential function. |
| B2.a | Identity Verification, Authentication and Authorisation | You robustly verify, authenticate and authorise access to the networks and information systems supporting your essential function. |
| B2.c | Privileged User Management | You closely manage privileged user access to networks and information systems supporting the essential function. |