CMMCDocs.comHome / Glossary / AC.L2-3.1.12
AC.L2-3.1.12
Also known as: Monitor remote access requirement
The NIST SP 800-171 requirement that mandates the contractor monitor and control remote access sessions.
AC.L2-3.1.12 requires the contractor to 'monitor and control remote access sessions.' In practice, this means the contractor must log who is connecting remotely, from where, what they accessed during the session, and how long the session lasted — and must have the ability to terminate a remote session if it becomes suspicious.
Most contractors implement this with a combination of VPN logs, identity provider sign-in logs, and SIEM correlation. Some use a privileged access management (PAM) tool for sessions involving administrative access.
Stop Googling. Start working.
CMMCDocs has all 110 NIST SP 800-171 Rev 2 requirements built in — with the language, the templates, and the evidence vault you need. Spin up a free demo workspace and click around the way an assessor would.
Get my demo account