AC-17: Remote Access

From NIST's SP800-53:

a. Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and b. Authorize each type of remote access to the system prior to allowing such connections.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Control ID	Description
PR.AC-3	Remote access is managed
PR.PT-4	Communications and control networks are protected

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against.

ATT&CK ID	Title	Associated Tactics
T1059.005	Visual Basic	Execution
T1059.006	Python	Execution
T1557.002	ARP Cache Poisoning	Collection, Credential Access
T1563.002	RDP Hijacking	Lateral Movement
T1059.003	Windows Command Shell	Execution
T1119	Automated Collection	Collection
T1137	Office Application Startup	Persistence
T1040	Network Sniffing	Credential Access, Discovery
T1021	Remote Services	Lateral Movement
T1563	Remote Service Session Hijacking	Lateral Movement
T1552.002	Credentials in Registry	Credential Access
T1114.002	Remote Email Collection	Collection
T1530	Data from Cloud Storage	Collection
T1114.003	Email Forwarding Rule	Collection
T1021.004	SSH	Lateral Movement
T1070.008	Clear Mailbox Data	Defense Evasion
T1602	Data from Configuration Repository	Collection
T1550.001	Application Access Token	Defense Evasion, Lateral Movement
T1565.001	Stored Data Manipulation	Impact
T1610	Deploy Container	Defense Evasion, Execution
T1021.006	Windows Remote Management	Lateral Movement
T1613	Container and Resource Discovery	Discovery
T1213	Data from Information Repositories	Collection
T1047	Windows Management Instrumentation	Execution
T1558.002	Silver Ticket	Credential Access
T1213.001	Confluence	Collection
T1543	Create or Modify System Process	Persistence, Privilege Escalation
T1505.005	Terminal Services DLL	Persistence
T1114	Email Collection	Collection
T1547.012	Print Processors	Persistence, Privilege Escalation
T1547.003	Time Providers	Persistence, Privilege Escalation
T1213.002	Sharepoint	Collection
T1602.001	SNMP (MIB Dump)	Collection
T1558	Steal or Forge Kerberos Tickets	Credential Access
T1552.007	Container API	Credential Access
T1133	External Remote Services	Initial Access, Persistence
T1565.002	Transmitted Data Manipulation	Impact
T1059.001	PowerShell	Execution
T1552	Unsecured Credentials	Credential Access
T1612	Build Image on Host	Defense Evasion
T1558.003	Kerberoasting	Credential Access
T1059.007	JavaScript	Execution
T1557	Adversary-in-the-Middle	Collection, Credential Access
T1619	Cloud Storage Object Discovery	Discovery
T1547.009	Shortcut Modification	Persistence, Privilege Escalation
T1547.004	Winlogon Helper DLL	Persistence, Privilege Escalation
T1021.003	Distributed Component Object Model	Lateral Movement
T1059	Command and Scripting Interpreter	Execution
T1558.004	AS-REP Roasting	Credential Access
T1021.002	SMB/Windows Admin Shares	Lateral Movement
T1021.001	Remote Desktop Protocol	Lateral Movement
T1070.002	Clear Linux or Mac System Logs	Defense Evasion
T1137.002	Office Test	Persistence
T1647	Plist File Modification	Defense Evasion
T1037.001	Logon Script (Windows)	Persistence, Privilege Escalation
T1059.008	Network Device CLI	Execution
T1563.001	SSH Hijacking	Lateral Movement
T1565	Data Manipulation	Impact
T1537	Transfer Data to Cloud Account	Exfiltration
T1114.001	Local Email Collection	Collection
T1219	Remote Access Software	Command and Control
T1059.002	AppleScript	Execution
T1070.001	Clear Windows Event Logs	Defense Evasion
T1037	Boot or Logon Initialization Scripts	Persistence, Privilege Escalation
T1547.013	XDG Autostart Entries	Persistence, Privilege Escalation
T1059.004	Unix Shell	Execution
T1602.002	Network Device Configuration Dump	Collection
T1505.004	IIS Components	Persistence
T1020.001	Traffic Duplication	Exfiltration
T1070	Indicator Removal	Defense Evasion
T1021.005	VNC	Lateral Movement
T1552.004	Private Keys	Credential Access
T1609	Container Administration Command	Execution