GRCWatch
Sign inStart free trial

AC.L2-3.1.12: Monitor and Control Remote Access Sessions

Remote access poses significant security risks if left unmonitored. AC.L2-3.1.12 requires organizations to actively monitor and control remote access sessions to prevent unauthorized activity. Proper implementation protects sensitive data while maintaining operational flexibility for your workforce.

What this means

This control mandates that organizations implement mechanisms to monitor all remote access to systems and networks in real-time. You must establish policies that govern who can access systems remotely, under what conditions, and from which locations or devices. Active monitoring includes tracking session activity, enforcing idle timeouts, and maintaining detailed logs of all remote connections for audit purposes.

How to comply

  1. 1.Deploy remote access solutions with built-in session monitoring and logging capabilities
  2. 2.Establish remote access policies defining approved users, devices, and connection methods
  3. 3.Implement multi-factor authentication for all remote access requests
  4. 4.Configure automatic session timeouts after periods of inactivity
  5. 5.Enable real-time alerts for suspicious remote access attempts or policy violations
  6. 6.Maintain comprehensive audit logs of all remote sessions including login/logout times and user actions
  7. 7.Conduct regular reviews of remote access logs to identify unauthorized or anomalous activity
  8. 8.Restrict remote access based on geographic location, device compliance status, or time-based rules

Evidence auditors look for

  • Remote access policy documentation specifying approved access methods and user restrictions
  • Screenshots of monitoring dashboards showing active session tracking and real-time alerts
  • Audit logs demonstrating 90+ days of remote access session records with timestamps
  • Configuration files showing idle timeout settings and multi-factor authentication enforcement
  • Access control lists limiting remote access to authorized users and devices
  • Security logs showing session terminations and policy violation alerts
  • Documentation of monitoring procedures and frequency of access log reviews

Frequently asked questions

When will FAQs be available?

The FAQ for this control is currently being prepared.

GRCWatch automates remote access session logging and monitoring by integrating with your VPN and access management tools, automatically capturing and organizing audit trails while flagging policy violations in real-time—eliminating manual log collection and reducing compliance audit time by hours.

See how GRCWatch handles this control automatically

Start free trial

Related controls

AC.L2-3.1.1 — Authorized Access ControlAC.L2-3.1.22 — Control Physical AccessSI.L2-3.14.1 — Information System MonitoringSI.L2-3.14.2 — Security-Relevant Events