AC-17 - Remote Access

AC-17 specifies that remote access to organizational systems must be authorized, securely configured, and continuously monitored. It requires the use of approved authentication mechanisms, encrypted communications, and logging of remote sessions, with periodic reviews to ensure access privileges remain appropriate and aligned with security policies.