AC-17(4): Privileged Commands and Access

Control Family:

Access Control

Parent Control:

AC-17: Remote Access

CSF v1.1 References:

PR.AC-3
PR.PT-4

Threats Addressed:

Elevation of Privilege
Lateral Movement

Baselines:

Moderate
High

Previous Version:

NIST Special Publication 800-53 Revision 4:
AC-17(4): Privileged Commands / Access

Control Statement

Authorize the execution of privileged commands and access to security-relevant information via remote access only in a format that provides assessable evidence and for the following needs: [Assignment: organization-defined needs]; and
Document the rationale for remote access in the security plan for the system.

Supplemental Guidance

Remote access to systems represents a significant potential vulnerability that can be exploited by adversaries. As such, restricting the execution of privileged commands and access to security-relevant information via remote access reduces the exposure of the organization and the susceptibility to threats by adversaries to the remote access capability.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5