NIST 800-53 r5 · Controls catalogue · Family AC
AC-17Remote Access
Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and Authorize each type of remote access to the system prior to allowing such connections.
Last updated: 19 May 2026 14:18 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (81)
- T1020.001 Traffic Duplication Exfiltration
- T1021 Remote Services Lateral Movement
- T1021.001 Remote Desktop Protocol Lateral Movement
- T1021.002 SMB/Windows Admin Shares Lateral Movement
- T1021.003 Distributed Component Object Model Lateral Movement
- T1021.004 SSH Lateral Movement
- T1021.005 VNC Lateral Movement
- T1021.006 Windows Remote Management Lateral Movement
- T1021.008 Direct Cloud VM Connections Lateral Movement
- T1037 Boot or Logon Initialization Scripts Persistence, Privilege Escalation
- T1037.001 Logon Script (Windows) Persistence, Privilege Escalation
- T1040 Network Sniffing Credential Access, Discovery
- T1047 Windows Management Instrumentation Execution
- T1059 Command and Scripting Interpreter Execution
- T1059.001 PowerShell Execution
- T1059.002 AppleScript Execution
- T1059.003 Windows Command Shell Execution
- T1059.004 Unix Shell Execution
- T1059.005 Visual Basic Execution
- T1059.006 Python Execution
- T1059.007 JavaScript Execution
- T1059.008 Network Device CLI Execution
- T1070 Indicator Removal Stealth
- T1070.008 Clear Mailbox Data Stealth
- T1114 Email Collection Collection
- T1114.001 Local Email Collection Collection
- T1114.002 Remote Email Collection Collection
- T1114.003 Email Forwarding Rule Collection
- T1119 Automated Collection Collection
- T1127.002 ClickOnce Stealth, Execution
- T1133 External Remote Services Persistence, Initial Access
- T1137 Office Application Startup Persistence
- T1137.002 Office Test Persistence
- T1213 Data from Information Repositories Collection
- T1213.001 Confluence Collection
- T1213.002 Sharepoint Collection
- T1213.005 Messaging Applications Collection
- T1219 Remote Access Tools Command And Control
- T1505.004 IIS Components Persistence
- T1505.005 Terminal Services DLL Persistence
- T1530 Data from Cloud Storage Collection
- T1537 Transfer Data to Cloud Account Exfiltration
- T1543 Create or Modify System Process Persistence, Privilege Escalation
- T1547.003 Time Providers Persistence, Privilege Escalation
- T1547.004 Winlogon Helper DLL Persistence, Privilege Escalation
- T1547.009 Shortcut Modification Persistence, Privilege Escalation
- T1547.012 Print Processors Persistence, Privilege Escalation
- T1547.013 XDG Autostart Entries Persistence, Privilege Escalation
- T1550.001 Application Access Token Lateral Movement
- T1552 Unsecured Credentials Credential Access
Weaknesses this control addresses (7)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-862 | Missing Authorization | 8,796 | Mandating authorization prior to allowing remote connections addresses missing authorization for remote access. |
CWE-284 | Improper Access Control | 4,905 | Requiring prior authorization for each remote access type prevents improper access control over remote connections. |
CWE-863 | Incorrect Authorization | 3,303 | The authorization process and usage restrictions help prevent incorrect authorization for remote access types. |
CWE-285 | Improper Authorization | 1,252 | Explicitly mandates authorizing remote access types before permitting connections, directly mitigating improper authorization. |
CWE-288 | Authentication Bypass Using an Alternate Path or Channel | 534 | Authorizing remote access reduces the ability to bypass authentication via unauthorized alternate remote channels. |
CWE-420 | Unprotected Alternate Channel | 38 | Usage restrictions and authorization for remote access protect against unprotected alternate channels. |
CWE-424 | Improper Protection of Alternate Path | 31 | Documenting requirements and authorizing remote access ensures proper protection of alternate paths. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2025-65294 | 2.0 | 9.8 | 0.0100 | good |
CVE-2025-0896 | 2.0 | 9.8 | 0.0030 | good |
CVE-2026-25807 | 1.8 | 8.8 | 0.0014 | good |
CVE-2026-40289 | 1.8 | 9.1 | 0.0005 | good |
CVE-2025-33054 | 1.7 | 8.1 | 0.0102 | good |
CVE-2025-30116 | 1.5 | 7.5 | 0.0018 | good |
CVE-2026-33892 | 1.4 | 7.1 | 0.0008 | good |
CVE-2024-53704 KEV | 9.6 | 9.8 | 0.9386 | good |
CVE-2026-39987 KEV UPD | 8.9 | 9.8 | 0.8184 | good |
CVE-2025-29266 | 2.0 | 9.6 | 0.0109 | good |
CVE-2025-36594 | 2.0 | 9.8 | 0.0042 | partial |
CVE-2024-12802 | 1.8 | 9.1 | 0.0006 | good |
CVE-2022-50975 | 1.8 | 8.8 | 0.0002 | good |
CVE-2026-24790 | 1.6 | 8.2 | 0.0011 | good |
CVE-2026-32838 | 1.5 | 7.5 | 0.0001 | good |
CVE-2020-36917 | 1.5 | 7.5 | 0.0009 | good |
CVE-2026-26151 UPD | 1.4 | 7.1 | 0.0010 | partial |
CVE-2024-57962 | 1.2 | 6.1 | 0.0010 | partial |
CVE-2025-0108 KEV | 9.5 | 9.1 | 0.9412 | partial |
CVE-2025-26465 UPD | 5.0 | 6.8 | 0.6122 | partial |
CVE-2026-29119 | 2.0 | 9.8 | 0.0043 | good |
CVE-2026-28777 | 2.0 | 9.8 | 0.0043 | good |
CVE-2025-70998 | 2.0 | 9.8 | 0.0026 | partial |
CVE-2026-23944 | 2.0 | 9.8 | 0.0018 | partial |
CVE-2026-23532 | 2.0 | 9.8 | 0.0014 | partial |