NIST 800-53 AC-17 Mappings

Remote access is access to organizational systems (or processes acting on behalf of users) that communicate through external networks such as the Internet. Types of remote access include dial-up, broadband, and wireless. Organizations use encrypted virtual private networks (VPNs) to enhance confidentiality and integrity for remote connections. The use of encrypted VPNs provides sufficient assurance to the organization that it can effectively treat such connections as internal networks if the cryptographic mechanisms used are implemented in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Still, VPN connections traverse external networks, and the encrypted VPN does not enhance the availability of remote connections. VPNs with encrypted tunnels can also affect the ability to adequately monitor network communications traffic for malicious code. Remote access controls apply to systems other than public web servers or systems designed for public access. Authorization of each remote access type addresses authorization prior to allowing remote access without specifying the specific formats for such authorization. While organizations may use information exchange and system connection security agreements to manage remote access connections to other systems, such agreements are addressed as part of CA-03. Enforcing access restrictions for remote access is addressed via AC-03.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-17 | Remote Access | Protects | T1021.003 | Distributed Component Object Model |
| AC-17 | Remote Access | Protects | T1021.004 | SSH |
| AC-17 | Remote Access | Protects | T1021.005 | VNC |
| AC-17 | Remote Access | Protects | T1037.001 | Logon Script (Windows) |
| AC-17 | Remote Access | Protects | T1059 | Command and Scripting Interpreter |
| AC-17 | Remote Access | Protects | T1059.001 | PowerShell |
| AC-17 | Remote Access | Protects | T1059.002 | AppleScript |
| AC-17 | Remote Access | Protects | T1059.003 | Windows Command Shell |
| AC-17 | Remote Access | Protects | T1059.004 | Unix Shell |
| AC-17 | Remote Access | Protects | T1059.005 | Visual Basic |
| AC-17 | Remote Access | Protects | T1059.006 | Python |
| AC-17 | Remote Access | Protects | T1059.007 | JavaScript |
| AC-17 | Remote Access | Protects | T1059.008 | Network Device CLI |
| AC-17 | Remote Access | Protects | T1070.002 | Clear Linux or Mac System Logs |
| AC-17 | Remote Access | Protects | T1114.001 | Local Email Collection |
| AC-17 | Remote Access | Protects | T1119 | Automated Collection |
| AC-17 | Remote Access | Protects | T1137 | Office Application Startup |
| AC-17 | Remote Access | Protects | T1137.002 | Office Test |
| AC-17 | Remote Access | Protects | T1213 | Data from Information Repositories |
| AC-17 | Remote Access | Protects | T1213.001 | Confluence |
| AC-17 | Remote Access | Protects | T1213.002 | Sharepoint |
| AC-17 | Remote Access | Protects | T1505.004 | IIS Components |
| AC-17 | Remote Access | Protects | T1505.005 | Terminal Services DLL |
| AC-17 | Remote Access | Protects | T1537 | Transfer Data to Cloud Account |
| AC-17 | Remote Access | Protects | T1543 | Create or Modify System Process |
| AC-17 | Remote Access | Protects | T1547.003 | Time Providers |
| AC-17 | Remote Access | Protects | T1547.004 | Winlogon Helper DLL |
| AC-17 | Remote Access | Protects | T1547.009 | Shortcut Modification |
| AC-17 | Remote Access | Protects | T1552.007 | Container API |
| AC-17 | Remote Access | Protects | T1557.002 | ARP Cache Poisoning |
| AC-17 | Remote Access | Protects | T1558 | Steal or Forge Kerberos Tickets |
| AC-17 | Remote Access | Protects | T1558.002 | Silver Ticket |
| AC-17 | Remote Access | Protects | T1558.003 | Kerberoasting |
| AC-17 | Remote Access | Protects | T1558.004 | AS-REP Roasting |
| AC-17 | Remote Access | Protects | T1563 | Remote Service Session Hijacking |
| AC-17 | Remote Access | Protects | T1563.001 | SSH Hijacking |
| AC-17 | Remote Access | Protects | T1563.002 | RDP Hijacking |
| AC-17 | Remote Access | Protects | T1565 | Data Manipulation |
| AC-17 | Remote Access | Protects | T1565.001 | Stored Data Manipulation |
| AC-17 | Remote Access | Protects | T1565.002 | Transmitted Data Manipulation |
| AC-17 | Remote Access | Protects | T1602 | Data from Configuration Repository |
| AC-17 | Remote Access | Protects | T1602.001 | SNMP (MIB Dump) |
| AC-17 | Remote Access | Protects | T1602.002 | Network Device Configuration Dump |
| AC-17 | Remote Access | Protects | T1610 | Deploy Container |
| AC-17 | Remote Access | Protects | T1613 | Container and Resource Discovery |
| AC-17 | Remote Access | Protects | T1619 | Cloud Storage Object Discovery |
| AC-17 | Remote Access | Protects | T1647 | Plist File Modification |
| AC-17 | Remote Access | Protects | T1612 | Build Image on Host |
| AC-17 | Remote Access | Protects | T1557 | Adversary-in-the-Middle |
| AC-17 | Remote Access | Protects | T1552.004 | Private Keys |
| AC-17 | Remote Access | Protects | T1550.001 | Application Access Token |
| AC-17 | Remote Access | Protects | T1547.013 | XDG Autostart Entries |
| AC-17 | Remote Access | Protects | T1547.012 | Print Processors |
| AC-17 | Remote Access | Protects | T1530 | Data from Cloud Storage |
| AC-17 | Remote Access | Protects | T1219 | Remote Access Software |
| AC-17 | Remote Access | Protects | T1114.003 | Email Forwarding Rule |
| AC-17 | Remote Access | Protects | T1070.001 | Clear Windows Event Logs |
| AC-17 | Remote Access | Protects | T1552.002 | Credentials in Registry |
| AC-17 | Remote Access | Protects | T1114 | Email Collection |
| AC-17 | Remote Access | Protects | T1037 | Boot or Logon Initialization Scripts |
| AC-17 | Remote Access | Protects | T1133 | External Remote Services |
| AC-17 | Remote Access | Protects | T1070 | Indicator Removal |
| AC-17 | Remote Access | Protects | T1021.001 | Remote Desktop Protocol |
| AC-17 | Remote Access | Protects | T1021.002 | SMB/Windows Admin Shares |
| AC-17 | Remote Access | Protects | T1021.006 | Windows Remote Management |
| AC-17 | Remote Access | Protects | T1047 | Windows Management Instrumentation |
| AC-17 | Remote Access | Protects | T1114.002 | Remote Email Collection |
| AC-17 | Remote Access | Protects | T1609 | Container Administration Command |
| AC-17 | Remote Access | Protects | T1552 | Unsecured Credentials |
| AC-17 | Remote Access | Protects | T1070.008 | Clear Mailbox Data |
| AC-17 | Remote Access | Protects | T1659 | Content Injection |
| AC-17 | Remote Access | Protects | T1651 | Cloud Administration Command |
| AC-17 | Remote Access | Protects | T1567.004 | Exfiltration Over Webhook |
| AC-17 | Remote Access | Protects | T1567.003 | Exfiltration to Text Storage Sites |
| AC-17 | Remote Access | Protects | T1021.008 | Direct Cloud VM Connections |
| AC-17 | Remote Access | Protects | T1552.005 | Cloud Instance Metadata API |
| AC-17 | Remote Access | Protects | T1040 | Network Sniffing |
| AC-17 | Remote Access | Protects | T1020.001 | Traffic Duplication |
| AC-17 | Remote Access | Protects | T1021 | Remote Services |