3.13.7: Block Unauthorized Remote Access Before It Starts

What is NIST 800-171 Control 3.13.7?
Control 3.13.7 mandates that only authorized users—with verified credentials and approved methods—should be able to remotely access organizational systems. This applies to:
• Remote desktop tools
• VPN connections
• Cloud access to on-prem systems
• Third-party maintenance sessions
Access attempts from unauthorized users, IPs, or devices must be blocked.

Why It Matters
Remote access is one of the most exploited attack vectors. If not properly secured, attackers can:
• Brute-force login credentials
• Exploit misconfigured VPNs or RDP
• Move laterally into internal networks after initial access
Preventing unauthorized access stops breaches before they begin.

How to Implement It
• Only allow remote access via secure, approved channels (e.g., VPN with MFA)
• Restrict remote access to specific users, devices, and networks
• Use firewalls, access control lists, and intrusion prevention systems to monitor and block unauthorized attempts
• Log all remote access attempts and configure real-time alerts for unauthorized activity
• Regularly audit remote access policies and logs
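
One way to act on the allowlisting, logging and alerting steps above, as an added example that is not part of the original page: a Python check over OpenSSH authentication log lines that flags accepted logins by unapproved users or from unapproved networks, and repeated failures from one source. The user names, networks, threshold and log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed policy values (hypothetical, not from the page).
APPROVED_USERS = {"alice", "svc-maint"}
APPROVED_NETS = [ipaddress.ip_network(n) for n in ("10.8.0.0/24", "192.0.2.0/28")]
FAILED_THRESHOLD = 3  # failures from one source before alerting

LINE_RE = re.compile(  # OpenSSH "Accepted"/"Failed" authentication lines
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample log lines, not taken from a real system.
SAMPLE_LOG = """\
Mar  4 09:01:12 gw sshd[811]: Accepted publickey for alice from 10.8.0.14 port 50122 ssh2
Mar  4 09:14:40 gw sshd[902]: Accepted password for alice from 203.0.113.50 port 41810 ssh2
Mar  4 09:20:03 gw sshd[915]: Accepted password for bob from 10.8.0.20 port 50977 ssh2
Mar  4 09:31:55 gw sshd[940]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Mar  4 09:31:58 gw sshd[940]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Mar  4 09:32:01 gw sshd[940]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Mar  4 09:40:17 gw sshd[951]: Failed password for alice from 10.8.0.14 port 50130 ssh2
"""

def audit(log_text):
    """Return (reason, user, source) alerts for policy violations in sshd logs."""
    alerts, failures = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        user, src = m["user"], m["src"]
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:  # source logged as a hostname: cannot be matched to a network
            alerts.append(("unparsed_source", user, src))
            continue
        if m["result"] == "Failed":
            failures[src] += 1
            if failures[src] == FAILED_THRESHOLD:  # alert once per source
                alerts.append(("repeated_failures", user, src))
        elif user not in APPROVED_USERS:
            alerts.append(("unapproved_user", user, src))
        elif not any(ip in net for net in APPROVED_NETS):
            alerts.append(("unapproved_network", user, src))
    return alerts

if __name__ == "__main__":
    print(*audit(SAMPLE_LOG), sep="\n")
```

The same allowlist comparison applies to VPN or RDP gateway logs once their lines are parsed into user, source and result fields.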

Common Mistakes
• Leaving RDP or SSH ports open to the internet
• Not using MFA for remote access
• Allowing “temporary” exceptions to become permanent

How Cuick Trac Helps
Cuick Trac secures remote access by:
• Enforcing multi-factor authentication and access control for all remote users
• Blocking unauthorized access attempts with a default-deny policy
• Providing a hardened enclave environment with restricted entry points
• Offering advisory support to design compliant, secure remote access workflows
With Cuick Trac, only the right users can get in—and only in the right way.

Remote access is a privilege—not a vulnerability. Lock it down.
Schedule a Cuick Trac demo and keep unauthorized users out for good.
