03.01.12 — (a) Establish usage restrictions, configuration requirements, and connection requirements for each type of allowable remote system access. (b) Authorize each type of remote system access prior to establishing such connections. (c) Route remote access to the system through authorized and managed access control points. (d) Authorize the remote execution of privileged commands and remote access to security-relevant information.

What this control requires

(a) Establish usage restrictions, configuration requirements, and connection requirements for each type of allowable remote system access. (b) Authorize each type of remote system access prior to establishing such connections. (c) Route remote access to the system through authorized and managed access control points. (d) Authorize the remote execution of privileged commands and remote access to security-relevant information.

Source: NIST SP 800-171 R3 §03.01.12 (official control text).

Why this matters

Remote access represents one of the most significant attack vectors for organizations handling sensitive information. Every VPN connection, remote desktop session, or cloud-based access point creates a potential entry for adversaries who exploit weak configurations, stolen credentials, or unmonitored connections. This control requires organizations to deliberately architect their remote access strategy—defining what types of remote connections are permitted, requiring explicit authorization before enabling them, funneling all remote traffic through monitored chokepoints, and placing extra restrictions on privileged administrative actions performed remotely. Without these safeguards, attackers who compromise a single remote credential can pivot laterally, escalate privileges, and exfiltrate CUI without detection. The control protects both the organization's systems and the sensitive data entrusted to it.

What evidence assessors expect

Assessors typically look for: PDF, configuration export, CSV export, screenshot. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls