SC-7(15): Networked Privileged Accesses

Control Family:

System and Communications Protection

Parent Control:

SC-7: Boundary Protection

CSF v1.1 References:

PR.AC-5
PR.DS-5
PR.PT-4
DE.CM-1

Threats Addressed:

Elevation of Privilege
Lateral Movement

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
SC-7(15): Route Privileged Network Accesses

Control Statement

Route networked, privileged accesses through a dedicated, managed interface for purposes of access control and auditing.

Supplemental Guidance

Privileged access provides greater accessibility to system functions, including security functions. Adversaries attempt to gain privileged access to systems through remote access to cause adverse mission or business impacts, such as by exfiltrating information or bringing down a critical system capability. Routing networked, privileged access requests through a dedicated, managed interface further restricts privileged access for increased access control and auditing.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5

Critical Security Controls Version 7.1