NIST CSF: PR.AC-3 Subcategory
From NIST's Cyber Security Framework (version 1):
Remote access is managed
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
- Information transfer policies and procedures (13.2.1), ISO 27001:2013
- Mobile Device Policy (6.2.1), ISO 27001:2013
- Network controls (13.1.1), ISO 27001:2013
- Security of equipment and assets off-premises (11.2.6), ISO 27001:2013
- Teleworking (6.2.2), ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
- Access via untrusted networks (SR 1.13), ISA/IEC 62443-3-3:2013
- Remote session termination (SR 2.6), ISA/IEC 62443-3-3:2013
- Develop a policy for remote login and connections (4.3.3.6.6), ISA/IEC 62443-2-1:2009
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1556.006 | Multi-Factor Authentication | Credential Access, Defense Evasion, Persistence |
T1556.007 | Hybrid Identity | Credential Access, Defense Evasion, Persistence |
T1021.004 | SSH | Lateral Movement |
T1567 | Exfiltration Over Web Service | Exfiltration |
T1078.002 | Domain Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1110.003 | Password Spraying | Credential Access |
T1136.002 | Domain Account | Persistence |
T1602 | Data from Configuration Repository | Collection |
T1114.003 | Email Forwarding Rule | Collection |
T1098.001 | Additional Cloud Credentials | Persistence, Privilege Escalation |
T1552 | Unsecured Credentials | Credential Access |
T1583.007 | Serverless | Resource Development |
T1098.002 | Additional Email Delegate Permissions | Persistence, Privilege Escalation |
T1602.002 | Network Device Configuration Dump | Collection |
T1530 | Data from Cloud Storage | Collection |
T1537 | Transfer Data to Cloud Account | Exfiltration |
T1505.005 | Terminal Services DLL | Persistence |
T1110.002 | Password Cracking | Credential Access |
T1539 | Steal Web Session Cookie | Credential Access |
T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
T1567.001 | Exfiltration to Code Repository | Exfiltration |
T1098.003 | Additional Cloud Roles | Persistence, Privilege Escalation |
T1584.007 | Serverless | Resource Development |
T1567.002 | Exfiltration to Cloud Storage | Exfiltration |
T1110.004 | Credential Stuffing | Credential Access |
T1556.004 | Network Device Authentication | Credential Access, Defense Evasion, Persistence |
T1133 | External Remote Services | Initial Access, Persistence |
T1110 | Brute Force | Credential Access |
T1550.001 | Application Access Token | Defense Evasion, Lateral Movement |
T1556 | Modify Authentication Process | Credential Access, Defense Evasion, Persistence |
T1134.005 | SID-History Injection | Defense Evasion, Privilege Escalation |
T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
T1565 | Data Manipulation | Impact |
T1556.001 | Domain Controller Authentication | Credential Access, Defense Evasion, Persistence |
T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
T1052.001 | Exfiltration over USB | Exfiltration |
T1041 | Exfiltration Over C2 Channel | Exfiltration |
T1021.001 | Remote Desktop Protocol | Lateral Movement |
T1098.005 | Device Registration | Persistence, Privilege Escalation |
T1021 | Remote Services | Lateral Movement |
T1552.005 | Cloud Instance Metadata API | Credential Access |
T1557.002 | ARP Cache Poisoning | Collection, Credential Access |
T1020.001 | Traffic Duplication | Exfiltration |
T1136.003 | Cloud Account | Persistence |
T1565.001 | Stored Data Manipulation | Impact |
T1565.002 | Transmitted Data Manipulation | Impact |
T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1110.001 | Password Guessing | Credential Access |
T1119 | Automated Collection | Collection |
T1200 | Hardware Additions | Initial Access |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
Control ID | Name | Description |
---|---|---|
A4.a | Supply Chain | The organisation understands and manages security risks to networks and information systems supporting the operation of essential functions that arise as a result of dependencies on external suppliers. This includes ensuring that appropriate measures are employed where third party services are used. |
B2.b | Device Management | You fully know and have trust in the devices that are used to access your networks, information systems and data that support your essential function. |
B2.a | Identity Verification, Authentication and Authorisation | You robustly verify, authenticate and authorise access to the networks and information systems supporting your essential function. |
B2.c | Privileged User Management | You closely manage privileged user access to networks and information systems supporting the essential function. |