The recent water treatment facility’s poisoning hacking incident via Remote Access (TeamViewer) has caused a major concern. This has highlighted that CMMC controls remote access as well.
After looking at CMMC on remote access practices, this type of attack could be prevented through these CMMC practices:
AC.2.13 - Monitor and control remote access sessions
Complementary controls:
AC.2.015 - limit Remote access to specific access control points.
AC.3.014 - requires the use of cryptographic mechanisms when enabling remote sessions.
AC.3.021 - requires authorization for privilege commands executed during a remote session
IA.3.083 - Require multi-factor authentication for network access to non-privileged accounts.
MA.2.113 - Requires the addition of multifactor authentication for remote maintenance sessions.
After looking at CMMC on remote access practices, this type of attack could be prevented through these CMMC practices:
AC.2.13 - Monitor and control remote access sessions
Complementary controls:
AC.2.015 - limit Remote access to specific access control points.
AC.3.014 - requires the use of cryptographic mechanisms when enabling remote sessions.
AC.3.021 - requires authorization for privilege commands executed during a remote session
IA.3.083 - Require multi-factor authentication for network access to non-privileged accounts.
MA.2.113 - Requires the addition of multifactor authentication for remote maintenance sessions.
