Evidence – AC.L2-3.1.12
Monitor and Control Remote Access Sessions
Control Overview
This document describes the evidence used to demonstrate implementation of AC.L2-3.1.12, which requires remote access sessions to be monitored and controlled.
This evidence supports the control response documented in the System Security Plan (SSP).
Evidence Objectives
Evidence for this control demonstrates that:
- Remote access to the enclave is explicitly defined and controlled
- Only approved remote access methods are permitted
- Remote access is restricted to authenticated users and managed devices
Evidence Artifacts
1. Remote Access Control Configuration
Evidence demonstrating controlled remote access may include:
- Conditional Access policies restricting access to managed devices
- Restrictions preventing access from unmanaged or unknown devices
- Configuration requiring authenticated cloud access for remote users
Examples of acceptable sources:
- Microsoft Entra ID Conditional Access device and location policies
- Microsoft Intune device compliance requirements
- Google Workspace Admin Console access and endpoint policies
Evidence Retention
Evidence supporting this control is retained in accordance with organizational policy and contractual requirements and is available for review during assessment.
Notes
Remote access in cloud-based environments is controlled through identity, device trust, and access policies rather than traditional network boundaries.