IT-10 Remote Access

What is IT-10 Remote Access Control?

Remote access control ensures that your organization has implemented secure measures for remote access to your organization’s sensitive information. This is particularly important in the age of telecommuting.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t used them.

Tools

Anydesk

RemotePC

RDP

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

• Externally sourced Remote access policy template

Control implementation

To implement this control,

1. You need to document the secure practices in your IS policy so that all your employees have secure remote work access.
2. You need to implement some secure practices to enforce the security of remote access. Some tools to implement are:
   1. VPNS
   2. Zero-trust network access
   3. Endpoint security
   4. Privileged access management

What evidence does the auditor look for?

Most auditors, at a minimum, are looking for the below-suggested action:

1. Documented remote access policy
2. Remote access tool configuration settings

Evidence example

For the suggested action, an example is provided below:

1. Documented remote access policy
   Here is an externally sourced remote access policy template.
2. Remote access tool configuration settings
   The following screenshot shows the remote access tool configuration settings.
   SourceThe following screenshot is an example of a VPN configuration. There may be many other ways to demonstrate remote access tools. This is a visual representation of what the evidence looks like.