GRCWatch
Sign inStart free trial

AC.L2-3.1.15: Privileged Remote Access Authorization

Privileged remote access is a critical attack surface in CMMC Level 2 compliance. This control requires you to authorize and document all remote execution of privileged commands and access to security-relevant information. Without proper controls, attackers can exploit remote access to escalate privileges and compromise your entire network.

What this means

AC.L2-3.1.15 mandates that organizations only permit remote execution of privileged commands and access to security-critical data when there is a documented operational justification. This means establishing formal approval processes, maintaining audit trails of remote sessions, and restricting remote privileged access to specific authorized personnel and defined use cases.

How to comply

  1. 1.Document all operational needs that require remote privileged access with business justification
  2. 2.Implement multi-factor authentication for all remote privileged sessions
  3. 3.Establish role-based access controls limiting remote execution privileges to authorized personnel only
  4. 4.Configure remote access tools to log and monitor all privileged command execution
  5. 5.Review and approve remote access requests before granting elevated permissions
  6. 6.Disable remote access for privileged accounts when not actively needed
  7. 7.Conduct quarterly audits of active remote privileged access sessions

Evidence auditors look for

  • Documented remote access policy specifying approved operational use cases
  • Access request and approval forms for remote privileged execution
  • Audit logs showing remote sessions with timestamps, users, and commands executed
  • Multi-factor authentication configuration for remote access tools
  • Role-based access control matrix limiting remote privileges by job function
  • Periodic access reviews with sign-off from system owners
  • Remote access tool configurations with session recording enabled

Frequently asked questions

When will FAQs be available?

The FAQ for this control is currently being prepared.

GRCWatch automates remote access documentation workflows and generates audit-ready logs of all privileged sessions, eliminating manual tracking and reducing your AC.L2-3.1.15 compliance gap.

See how GRCWatch handles this control automatically

Start free trial

Related controls

AC.L2-3.1.1 - Authorized Access ControlAC.L2-3.1.5 - Access Control PolicySI.L2-3.14.1 - Information System Monitoring