NIST 800-53 AC-17 Mappings

Remote access is access to organizational systems (or processes acting on behalf of users) that communicate through external networks such as the Internet. Types of remote access include dial-up, broadband, and wireless. Organizations use encrypted virtual private networks (VPNs) to enhance confidentiality and integrity for remote connections. The use of encrypted VPNs provides sufficient assurance to the organization that it can effectively treat such connections as internal networks if the cryptographic mechanisms used are implemented in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Still, VPN connections traverse external networks, and the encrypted VPN does not enhance the availability of remote connections. VPNs with encrypted tunnels can also affect the ability to adequately monitor network communications traffic for malicious code. Remote access controls apply to systems other than public web servers or systems designed for public access. Authorization of each remote access type addresses authorization prior to allowing remote access without specifying the specific formats for such authorization. While organizations may use information exchange and system connection security agreements to manage remote access connections to other systems, such agreements are addressed as part of CA-03. Enforcing access restrictions for remote access is addressed via AC-03.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-17 Remote Access Protects T1020.001 Traffic Duplication
AC-17 Remote Access Protects T1021 Remote Services
AC-17 Remote Access Protects T1021.001 Remote Desktop Protocol
AC-17 Remote Access Protects T1021.002 SMB/Windows Admin Shares
AC-17 Remote Access Protects T1021.003 Distributed Component Object Model
AC-17 Remote Access Protects T1021.004 SSH
AC-17 Remote Access Protects T1021.005 VNC
AC-17 Remote Access Protects T1021.006 Windows Remote Management
AC-17 Remote Access Protects T1037 Boot or Logon Initialization Scripts
AC-17 Remote Access Protects T1037.001 Logon Script (Windows)
AC-17 Remote Access Protects T1040 Network Sniffing
AC-17 Remote Access Protects T1047 Windows Management Instrumentation
AC-17 Remote Access Protects T1070 Indicator Removal on Host
AC-17 Remote Access Protects T1070.001 Clear Windows Event Logs
AC-17 Remote Access Protects T1070.002 Clear Linux or Mac System Logs
AC-17 Remote Access Protects T1114 Email Collection
AC-17 Remote Access Protects T1114.001 Local Email Collection
AC-17 Remote Access Protects T1114.002 Remote Email Collection
AC-17 Remote Access Protects T1114.003 Email Forwarding Rule
AC-17 Remote Access Protects T1119 Automated Collection
AC-17 Remote Access Protects T1133 External Remote Services
AC-17 Remote Access Protects T1137 Office Application Startup
AC-17 Remote Access Protects T1137.002 Office Test
AC-17 Remote Access Protects T1204 User Execution
AC-17 Remote Access Protects T1204.001 Malicious Link
AC-17 Remote Access Protects T1204.002 Malicious File
AC-17 Remote Access Protects T1219 Remote Access Software
AC-17 Remote Access Protects T1530 Data from Cloud Storage Object
AC-17 Remote Access Protects T1537 Transfer Data to Cloud Account
AC-17 Remote Access Protects T1543 Create or Modify System Process
AC-17 Remote Access Protects T1543.003 Windows Service
AC-17 Remote Access Protects T1550.001 Application Access Token
AC-17 Remote Access Protects T1552 Unsecured Credentials
AC-17 Remote Access Protects T1552.004 Private Keys
AC-17 Remote Access Protects T1557 Man-in-the-Middle
AC-17 Remote Access Protects T1557.002 ARP Cache Poisoning
AC-17 Remote Access Protects T1558 Steal or Forge Kerberos Tickets
AC-17 Remote Access Protects T1558.002 Silver Ticket
AC-17 Remote Access Protects T1558.003 Kerberoasting
AC-17 Remote Access Protects T1558.004 AS-REP Roasting
AC-17 Remote Access Protects T1563 Remote Service Session Hijacking
AC-17 Remote Access Protects T1563.001 SSH Hijacking
AC-17 Remote Access Protects T1563.002 RDP Hijacking
AC-17 Remote Access Protects T1565 Data Manipulation
AC-17 Remote Access Protects T1565.001 Stored Data Manipulation
AC-17 Remote Access Protects T1565.002 Transmitted Data Manipulation
AC-17 Remote Access Protects T1602 Data from Configuration Repository
AC-17 Remote Access Protects T1602.001 SNMP (MIB Dump)
AC-17 Remote Access Protects T1602.002 Network Device Configuration Dump